Abstract. An algorithm for unification modulo one-sided distributivity is an early result
by Tiden and Arnborg. More recently this theory has been of interest in cryptographic
protocol analysis due to the fact that many cryptographic operators satisfy this property.
Unfortunately the algorithm presented in the paper, although correct, has recently been
shown not to be polynomial time bounded as claimed. In addition, for some instances,
there exist most general unifiers that are exponentially large with respect to the input size.
In this paper we first present a new polynomial time algorithm that solves the decision
problem for a non-trivial subcase, based on a typed theory, of unification modulo one-sided
distributivity. Next we present a new polynomial algorithm that solves the decision
problem for unification modulo one-sided distributivity. A construction, employing string 
compression, is used to achieve the polynomial bound. Lastly, we examine the one-sided 
distributivity problem in the new asymmetric unification paradigm. We give the first 
asymmetric unification algorithm for one-sided distributivity. 


1. Introduction 

Equational unification has long been a core component of automated deduction and more 
recently has found application in symbolic cryptographic protocol analysis [6]. In particular, 
the algorithm for unification modulo a one-sided distributivity axiom 

$X \times (Y + Z) = X \times Y + X \times Z$

is an early result by Tiden and Arnborg [22]. More recently this theory has been of interest
in protocol analysis due to the fact that many cryptographic operators satisfy this property.
Unfortunately the algorithm presented in the paper, although elegant and correct, has
recently been shown not to be polynomial time bounded as claimed [17]. In addition, for
some instances, there exist most general unifiers (mgus) that are exponentially large with
respect to the input size. In this paper we examine the decision problem for one-sided
distributivity. More formally we consider the decision problem for elementary unification 
modulo this theory, where the terms can only contain symbols in the signature of the 
theory and variables. This is the theory considered by Tiden and Arnborg [22]. We first
present a new polynomial time algorithm which solves the decision problem for a non-trivial
subcase, based on a typed theory, of unification modulo one-sided distributivity. This
subcase happens to be sufficient to express the negative complexity result in [17]. Next
we present a new polynomial algorithm which solves the decision problem for unification 
modulo one-sided distributivity. We employ string compression through the use of straight 
line programs, which allows us to achieve the polynomial bound. Compression by straight 
line programs proves to be sufficient for our results, however the use of compression in 
unification and matching is not novel to this paper. See for example [9] and [12] for some 
pioneering work on using compression in unification and other related problems. 

Since our initial results m, a new unification paradigm has been developed in [5] and is
based on newly identified requirements arising from the symbolic analysis of cryptographic
protocols. In order to satisfy these requirements and to apply state space reduction
techniques, it is usually necessary for at least part of this state to be in normal form, and
to remain in normal form even after unification is performed. This requirement can be
expressed as an asymmetric unification problem $\{s_1 =_\downarrow t_1, \ldots, s_n =_\downarrow t_n\}$
where the $=_\downarrow$ denotes a unification problem with the restriction that any unifier
leaves the right-hand side of each equation irreducible. Given our motivation in protocol
analysis, our final result is to consider the theory in the newly developed paradigm and give
the first asymmetric unification algorithm for one-sided distributivity.

2. Paper Outline 

Let us give a brief preview of the remaining portions of the paper. 

• Section [3] presents the preliminary background material. 

• Section [4] presents an overview of the complexity result concerning the original Tiden and 
Arnborg [22] algorithm. 

• Section [5] presents the first contribution of this paper. We consider a restricted version 
of the one-sided distributivity problem, which is still sufficiently expressive to contain 
the family of problems presented in Section [4]. For this new restricted version of the
problem we develop a new polynomial time bounded decision algorithm (Algorithm [1]) . 
This section also provides an introduction to the methods used to solve the main problem. 
The solution to the main problem builds on Algorithm [1] primarily by the addition of string 
compression. 

• Section [6] contains the main contribution of this paper. Here we present a new polynomial 
bounded algorithm (Algorithm [2]) for the decision unification problem over a theory of 
one-sided distributivity. The result is achieved by building on Algorithm [1] and using 
polynomial methods for solving several problems on compressed strings. 

• Section [7] considers the one-sided distributivity problem in the new asymmetric unification
paradigm. This new paradigm has only recently been identified (see [5]) and is important
to the area of cryptographic protocol analysis. Here we present the first asymmetric
unification algorithm for the theory of one-sided distributivity. Although the algorithm is
not polynomial bounded, it should (much like the original Tiden and Arnborg algorithm)
perform well on most problems. In addition, the algorithm is relatively simple, consisting
of a small set of inference rules (see Figure [10]). One could ask why Algorithm [2] is not
extended to the asymmetric problem? Unfortunately, the string compression methods 
required for the polynomial result in Section [6] do not easily extend to encapsulate the 
additional information needed in an asymmetric unification problem. This remains an 
open problem. 


3. Preliminaries and General Results 

We use the standard notation of equational unification [2] and term rewriting systems [1].
The set of $\Sigma$-terms, denoted by $T(\Sigma, \mathcal{X})$, is built over the signature
$\Sigma$ and the (countably infinite) set of variables $\mathcal{X}$. The terms $t|_p$ and
$t[u]_p$ denote respectively the subterm of $t$ at the position $p$, and the term $t$ having
$u$ as subterm at position $p$. The symbol of $t$ occurring at the position $p$ (resp. the top
symbol of $t$) is written $t(p)$ (resp. $t(\epsilon)$). The set of positions of a term $t$ is
denoted by $Pos(t)$, the set of non variable positions for a term $t$ over a signature $\Sigma$
is denoted by $Pos(t)_\Sigma$. A $\Sigma$-rooted term is a term whose top symbol is in $\Sigma$.
The set of variables of a term $t$ is denoted by $Var(t)$.

A $\Sigma$-substitution $\theta$ is an endomorphism of $T(\Sigma, \mathcal{X})$ denoted by
$\{X_1 \mapsto t_1, \ldots, X_n \mapsto t_n\}$ if there are only finitely many variables
$X_1, \ldots, X_n$ not mapped to themselves. We call domain of $\theta$ the set of variables
$\{X_1, \ldots, X_n\}$ and range of $\theta$ the set of terms $\{t_1, \ldots, t_n\}$.
Application of a substitution $\theta$ to a term $t$ (resp. a substitution $\phi$) may be written
$t\theta$ (resp. $\phi\theta$) or in functional notation as $\theta(t)$.

Given a first-order signature $\Sigma$, and a set $E$ of $\Sigma$-axioms (i.e., pairs of
$\Sigma$-terms, denoted by $l = r$), the equational theory $=_E$ is the congruence closure of
$E$ under the law of substitutivity. By a slight abuse of terminology, $E$ will be often
called an equational theory.

Given an equational theory $E$, an $E$-unification problem is a set of equations

$S = \{s_1 =^? t_1, \ldots, s_m =^? t_m\}$

A solution to $S$, called an $E$-unifier, is a substitution $\delta$ such that
$\delta(s_i) =_E \delta(t_i)$ for all $1 \le i \le m$. A substitution $\delta$ is more general
modulo $E$ than $\theta$ on a set of variables $V$, denoted as $\delta \le_E^V \theta$, if and
only if there is a substitution $\tau$ such that $\delta\tau(X) =_E \theta(X)$ for all
$X \in V$. Two substitutions $\theta_1$ and $\theta_2$ are equivalent modulo $E$ on a set of
variables $V$, denoted as $\theta_1 \equiv_E^V \theta_2$, if and only if
$\theta_1(X) =_E \theta_2(X)$ for all $X \in V$. For a substitution $\theta$ and a set of
variables $V$, $\theta|_V$ denotes the restriction of the substitution to the variables in $V$,
i.e.,

$\theta|_V = \{X \mapsto \theta(X) \mid X \in V\}$

We call a set $F$ of substitutions a complete set of $E$-unifiers of $S$ if and only if (i) for
every $\theta \in F$, $\theta$ is an $E$-unifier and (ii) for every $E$-unifier $\theta$, there is
a substitution $\delta \in F$ where $\delta \le_E^{Var(S)} \theta$ holds. A complete set of
$E$-unifiers $F$ of a unification problem $S$ is minimal if and only if for any two
$E$-unifiers $\delta$ and $\theta$ in $F$, $\delta \le_E^{Var(S)} \theta$ implies that
$\delta = \theta$.

Equational unification problems are classified based on the function symbols that appear
in them, i.e., their signature ($Sig$). An $E$-unification problem $S$ is elementary if
and only if $Sig(S) = Sig(E)$. $S$ is called an $E$-unification problem with constants if
$Sig(S) \setminus Sig(E)$ contains only free constants. Finally, if there are uninterpreted
function symbols in $Sig(S) \setminus Sig(E)$, $S$ is called a general $E$-unification problem.

A set of equations $S$ is said to be in standard form over a signature $F$ if and only if
every equation in $S$ is of the form $X =^? t$ where $X$ is a variable and $t$, a term over
$F$, is one of the following: (a) a variable different from $X$, (b) a constant, or (c) a term
of depth 1 that contains no constants. We say $S$ is in standard form if and only if it is in
standard form over the entire signature. For a set of equations $S$ in standard form, $lhs(S)$
denotes the set of left-hand sides of equations in $S$. It is not generally difficult to
decompose equations of a given problem into simpler standard forms.

A set of equations is said to be in dag-solved form if and only if they can be arranged
as a list

$X_1 =^? t_1, \ldots, X_n =^? t_n$

where (a) each left-hand side $X_i$ is a distinct variable, and (b) $\forall\, 1 \le i \le j \le n$:
$X_i$ does not occur in $t_j$ ([10]). A set of equations $S$ is said to be in $F$-solved form if
and only if it is in standard form and the subset of equations $S \cap (V \times T(F, V))$ is in
dag-solved form. Note, a unification problem in dag solved form has a unique most general
idempotent unifier (see [10]).

An equation $l = r$ is called a subterm collapsing equation iff one term is a proper
subterm of the other. An equational theory, $E$, is called simple or subterm collapse free if
there is no equation in $E$ that is subterm collapsing: $t \neq_E s$ for all proper subterms
$s$ of $t$. Note, an important property of simple theories is: a variable $X$ and a term $t$
are not $E$-unifiable if $X \in Var(t)$ (see [3]).

Definition 3.1. A straight-line program (SLP) is a context-free grammar, $G = (\Sigma, N, P)$,
where $\Sigma$ is the set of terminal symbols (these will correspond to a set of “label”
variables in this paper), $N$ is a set of nonterminal symbols and $P$ a set of grammar
productions. $P$ contains only two types of productions: $N_i \to a$ and $N_i \to N_j N_k$
with $i > j, k$, where $N_i$, $N_j$, $N_k$ are nonterminals and $a$ is a terminal. The SLP
generates exactly one string corresponding to the top nonterminal.

As an example consider the string $(ab)^{32}$

abababababababababababababababababababababababababababababababab 


over the set of terminals $\{a, b\}$. A corresponding SLP for this string is [$N_1 \to a$,
$N_2 \to b$, $N_3 \to N_1 N_2$, $N_4 \to N_3 N_3$, $N_5 \to N_4 N_4$, $N_6 \to N_5 N_5$,
$N_7 \to N_6 N_6$, $N_8 \to N_7 N_7$]. The size
of a SLP can be defined in several ways. We use the following definition from P. We note
that the name SLP is not used in [H] and m rather they use the name Singleton Context-Free
Grammars. For any terminal, $a$, define $depth(a) = 0$ and for any nonterminal $N$

$depth(N) = \max\{depth(N_k) + 1 \mid N \to N_1 N_2\}$

We can define the depth of the SLP as the depth of its top nonterminal. The size of a
SLP, $S$, is defined to be the number of productions and is denoted as $|S|$. We denote the
length of a string produced by a SLP $S$ by $\|S\|$, 64 in the above example. Note that the
lengths are represented in binary.
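
An added illustration of Definition 3.1 (not code from the paper): a small Python SLP class that computes $\|S\|$, the depth and individual characters from the productions alone, without expanding the string. The class and function names are hypothetical, indices are 0-based, and a production $N_i \to a$ is assumed to have depth 1.

```python
class SLP:
    """Straight-line program. rules[i] is either a terminal character
    (N_i -> a) or a pair (j, k) with j, k < i (N_i -> N_j N_k).
    The last rule is the top nonterminal. Indices are 0-based here,
    while the text counts nonterminals from 1."""

    def __init__(self, rules):
        self.rules = list(rules)
        if not self.rules:
            raise ValueError("an SLP needs at least one production")
        self.length = []  # ||N_i||: exact length of the string N_i derives
        self.depth = []   # depth(N_i); N_i -> a gets depth 1 (assumption)
        for i, rule in enumerate(self.rules):
            if isinstance(rule, str):
                if len(rule) != 1:
                    raise ValueError(f"rule {i}: a terminal is one symbol")
                self.length.append(1)
                self.depth.append(1)
            else:
                j, k = rule
                if not (0 <= j < i and 0 <= k < i):
                    raise ValueError(f"rule {i}: N_i -> N_j N_k needs i > j, k")
                # Python integers are arbitrary precision, so a length such
                # as 2**201 is stored in binary, never as that many symbols.
                self.length.append(self.length[j] + self.length[k])
                self.depth.append(max(self.depth[j], self.depth[k]) + 1)

    def size(self):
        """|S|: the number of productions."""
        return len(self.rules)

    def total_length(self):
        """||S||: length of the string derived from the top nonterminal."""
        return self.length[-1]

    def total_depth(self):
        return self.depth[-1]

    def char_at(self, pos):
        """Symbol at position pos of the derived string, found by walking
        down from the top nonterminal; cost is bounded by the depth."""
        if not 0 <= pos < self.length[-1]:
            raise IndexError("position outside the derived string")
        i = len(self.rules) - 1
        while not isinstance(self.rules[i], str):
            j, k = self.rules[i]
            if pos < self.length[j]:
                i = j
            else:
                pos -= self.length[j]
                i = k
        return self.rules[i]

    def expand(self, limit=1_000_000):
        """Materialise the string; refuses when it would exceed limit."""
        if self.length[-1] > limit:
            raise ValueError("derived string too long to expand")
        out, stack = [], [len(self.rules) - 1]
        while stack:
            rule = self.rules[stack.pop()]
            if isinstance(rule, str):
                out.append(rule)
            else:
                stack.extend((rule[1], rule[0]))  # right first, left on top
        return "".join(out)


def repeated_ab(doublings):
    """SLP for (ab)^(2**doublings): N -> a, N -> b, N -> ab, then one
    squaring production per doubling."""
    rules = ["a", "b", (0, 1)]
    for _ in range(doublings):
        top = len(rules) - 1
        rules.append((top, top))
    return SLP(rules)


if __name__ == "__main__":
    example = repeated_ab(5)   # the eight productions listed in the text
    print(example.size(), example.total_length(), example.total_depth())
    huge = repeated_ab(200)    # 203 productions, 2**201 symbols
    print(huge.size(), huge.total_length().bit_length(), huge.char_at(2**200 + 1))
```

With five doublings this is the eight-production SLP given above; with 200 doublings the grammar grows by one production per doubling while the derived string doubles each time.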


4. The Tiden-Arnborg Algorithm and the Exponential Examples 

Here we wish to very briefly review the Tiden-Arnborg Algorithm [22] and the exponential
time result [17]. We can assume, without loss of generality, that the input is given as a set
of equations, where each equation is in one of the following forms:

$X =^? Y$, $X =^? Y + Z$, and $X =^? Y \times Z$

A simple decomposition algorithm can transform a set of equations into the above form
and maintain unifiability (see [22]).

4.1. The Tiden-Arnborg Algorithm. In [22] Tiden and Arnborg developed an elegant 
algorithm which is based on the following results. 

Theorem 4.1. (Tiden and Arnborg [22])

In the theory of one-sided distributivity:

(1) The set of equations $\{U =^? X_1 \circ X_2,\ U =^? T_1 \circ T_2\}$ has precisely the same
unifiers as the set of equations $\{U =^? X_1 \circ X_2,\ X_1 =^? T_1,\ X_2 =^? T_2\}$, where
$\circ$ is $\times$ or $+$.

(2) Every unifier for the set of equations

$\{U =^? V \times W,\ W =^? W_1 + W_2,\ X =^? V \times W_1,\ Y =^? V \times W_2\}$

is a unifier for the set of equations $\{U =^? V \times W,\ U =^? X + Y\}$, where $W_1$ and
$W_2$ are fresh variables.

The key steps in the algorithm can be described by the deduction rules of Figure [1].

(a) $\dfrac{\{U =^? V\} \uplus EQ}{\{U =^? V\} \cup \{U \mapsto V\}(EQ)}$ if $U$ occurs in $EQ$

(b) $\dfrac{EQ \uplus \{U =^? V \times W,\ U =^? X \times Y\}}{EQ \cup \{U =^? V \times W,\ V =^? X,\ W =^? Y\}}$

(c) $\dfrac{EQ \uplus \{U =^? V + W,\ U =^? X + Y\}}{EQ \cup \{U =^? V + W,\ V =^? X,\ W =^? Y\}}$

(d) $\dfrac{EQ \uplus \{U =^? V \times W,\ U =^? X + Y\}}{EQ \cup \{U =^? V \times W,\ W =^? W_1 + W_2,\ X =^? V \times W_1,\ Y =^? V \times W_2\}}$

Figure 1: Tiden and Arnborg Inference Rules 

The $W_1$, $W_2$ in rule (d) are fresh variables and $\uplus$ is disjoint union. Furthermore,
rule (d) (the “splitting rule”) is applied only when the other rules cannot be applied. A set of
equations is said to be abc-reduced^ if and only if none of the rules (a), (b) and (c) can
be applied to it. A sum transformation is defined as a binary relation between two
abc-reduced systems, $S_1$ and $S_2$, where $S_2$ is obtained from $S_1$ by applying rule (d),
followed by exhaustive applications of rules (a), (b) and (c). Clearly, a sum transformation is
applicable if and only if some variable occurs as the left-hand side in more than one equation.

The algorithm also makes use of two graphs. The graphs are used to detect two types
of non-unifiability errors. We include the definitions here for completeness.

^Such a system of equations is called simple in [22]. However, simple has come to denote a
theory that is subterm collapse free (see [3]).

Definition 4.2. The dependency graph ($D(S)$) of an abc-reduced system, $S$, is an edge
labeled, directed multi-graph. It has as vertices the variables of $S$. For an equation
$X = Y + Z$ in $S$ it has an $l_+$-labeled edge $(X, Y)$ and an $r_+$-labeled edge $(X, Z)$. An
equation $X = Y \times Z$ similarly generates two edges with labels $l_\times$ and $r_\times$.

Definition 4.3. The sum propagation graph ($P(S)$) of an abc-reduced system $S$ is a directed
simple graph. It has as vertices the equivalence classes of the symmetric, reflexive, and
transitive closure of the relation defined by the $r_\times$-edges in the dependency graph of
$S$. It has an edge $(V, W)$ iff there is an edge in the dependency graph from a vertex in $V$
to a vertex in $W$ with label $l_+$ or $r_+$.

It can be seen that by using cycle checking on $D(S)$ we can detect all the occur-check
like errors that may develop as the algorithm works with the system of equations. We know
these are indeed errors due to the following property.

Theorem 4.4. The one-sided distributive axiom is subterm-collapse free. 

Proof. If we consider the convergent system 

$X \times (Y + Z) \to X \times Y + X \times Z$

we can see that the rule is non-size-reducing. Therefore, we cannot reduce a term $t$ to a
subterm of itself. □

This implies that the system is simple ([3]) and therefore occur-checks must be detected 
as they imply non-unifiability. 

The propagation graph is needed to detect non-unifiable systems that cause infinitely
many applications of the splitting rule (d). An example of this type of system is the following
two equations:

$Z =^? Y_2 + Y_3$, $Z =^? Y_1 \times Y_3$.

These types of systems are shown not to have a finite unifier [22]. However, they will never
produce a cycle in the dependency graph, thus the propagation graph is needed.
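
The two cycle checks described above, as an added Python example that is not part of the paper. It builds $D(S)$ and $P(S)$ for an abc-reduced system given as tuples `(lhs, op, left, right)`, with `*` standing for $\times$; the tuple encoding, the function names and the three sample systems are constructed for illustration.

```python
from collections import defaultdict


def dependency_edges(equations):
    """Labelled edges of D(S): X = Y op Z gives (X, Y, 'l'+op), (X, Z, 'r'+op)."""
    edges = []
    for lhs, op, left, right in equations:
        if op not in ("+", "*"):
            raise ValueError(f"unknown operator {op!r}")
        edges.append((lhs, left, "l" + op))
        edges.append((lhs, right, "r" + op))
    return edges


def has_cycle(nodes, succ):
    """Iterative three-colour depth-first search; a self-loop is a cycle."""
    WHITE, GREY, BLACK = 0, 1, 2
    colour = {n: WHITE for n in nodes}
    for root in nodes:
        if colour[root] != WHITE:
            continue
        colour[root] = GREY
        stack = [(root, iter(succ.get(root, ())))]
        while stack:
            node, successors = stack[-1]
            for nxt in successors:
                if colour[nxt] == GREY:      # back edge
                    return True
                if colour[nxt] == WHITE:
                    colour[nxt] = GREY
                    stack.append((nxt, iter(succ.get(nxt, ()))))
                    break
            else:                             # all successors explored
                colour[node] = BLACK
                stack.pop()
    return False


def dependency_graph(equations):
    nodes, succ = set(), defaultdict(set)
    for src, dst, _label in dependency_edges(equations):
        nodes.update((src, dst))
        succ[src].add(dst)
    return nodes, succ


def propagation_graph(equations):
    """P(S): vertices are the classes generated by r*-edges (union-find),
    edges come from the l+ and r+ edges of the dependency graph."""
    edges = dependency_edges(equations)
    parent = {}

    def find(v):
        parent.setdefault(v, v)
        while parent[v] != v:
            parent[v] = parent[parent[v]]    # path halving
            v = parent[v]
        return v

    for src, dst, label in edges:
        a, b = find(src), find(dst)
        if label == "r*":
            parent[a] = b
    succ = defaultdict(set)
    for src, dst, label in edges:
        if label in ("l+", "r+"):
            succ[find(src)].add(find(dst))
    nodes = {find(v) for v in list(parent)}
    return nodes, succ


def check(equations):
    """A cycle in either graph means the system is not unifiable; finding
    no cycle only says that no error has been detected at this step."""
    return {
        "dependency_cycle": has_cycle(*dependency_graph(equations)),
        "propagation_cycle": has_cycle(*propagation_graph(equations)),
    }


# Constructed samples. The first has the shape of the two-equation system
# above: Z is a sum and also a product whose right factor is a summand.
SPLITS_FOREVER = [("Z", "+", "Y2", "Y3"), ("Z", "*", "Y1", "Y3")]
OCCUR_CHECK = [("X", "+", "Y", "Z"), ("Y", "*", "T", "X")]
NO_ERROR = [("X", "*", "T", "Y"), ("Y", "+", "Y1", "Y2")]

if __name__ == "__main__":
    for name, system in [("splits forever", SPLITS_FOREVER),
                         ("occur check", OCCUR_CHECK),
                         ("no error", NO_ERROR)]:
        print(name, check(system))
```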

We can conclude this overview of the original algorithm with some of the results proven 
for it in [22] : 

Theorem 4.5. From Tiden and Arnborg [22]:

(1) The algorithm formed by applying the sum transformation with the rules of Figure [1] is
sound, complete and terminating.

(2) If the system is not unifiable either the dependency graph (Definition [4.2]) or the
propagation graph (Definition [4.3]) will contain a cycle after a finite number of steps.

(3) If either the dependency or the propagation graph contains a cycle, the initial system is
not unifiable.

(4) The algorithm produces a final solved form, which provides a unique most general unifier
for the initial system.

4.2. Complexity Result. In [17] a family of unifiable, abc-reduced systems is presented,
on which the Tiden-Arnborg algorithm runs in exponential time.

Definition 4.6. [17] Let $EQ$ be a subset of the set of abc-reduced systems defined as
follows: all multiplications are of the form $X_i =^? T \times Y_j$ (or $Y_j =^? T \times X_i$)
where $T$ is a unique variable and all additions are of the form $X_i =^? X_{i1} + X_{i2}$ or
$Y_i =^? Y_{i1} + Y_{i2}$.

That is, variables are represented using $X$ and $Y$ along with subscripts. The actual
family of instances that causes the exponential growth is a subset of $EQ$ defined as:

Definition 4.7. [17] For n > 0, let $\sigma(n)$ be the set of equations



— ■ X^i+l + 

Ts* 

= ■ Y2ii+Y2i+l, 


= ■ TxAp2, 

X 

= ■ TxY, 


= ■ X^i+2 Xii-\-l2 


for all $0 \le i \le n$, where $X_{l^i}$ denotes $i$ concatenations of $l \in \{1, 2\}$, i.e.,
$X_{1^3 2} = X_{1112}$.

It is shown in [17] that a system of equations, as defined in Definition [4.7], will result in
exponentially many applications of the sum transformation.

The result can be viewed graphically in the following manner. Let variables represent 
nodes in a graph and create downward edges for variables related by an addition operation 
and lateral edges for variables related by a multiplication operation (this is essentially the 
D(S) definition). The edges to the unique variable T will not affect the complexity and so 
can be ignored. We can see such graphs in the following two examples. Figure [2] represents 
an initial set of equations and Figure [3] is the same system after application of the Tiden- 
Arnborg algorithm. Essentially, we see that the new variables and paths that are created at 
each level of the graph are the cause of the complexity growth and will need to be avoided. 



Figure 2: Graph for $\sigma(0)$

Figure 3: After 4 applications of the sum transformation


In the Tiden-Arnborg algorithm this exponential behavior is due to an exponential
number of applications of rule (d) from Figure [1]. This is the rule that creates the new
variables and paths seen in Figure [3]. We develop a new algorithm in Section [5] which
ensures a polynomial number of applications of a rule equivalent to rule (d) from Figure [1],
and this algorithm is sufficient to ensure polynomial time and solve the unification problem
for the Single Homomorphism (introduced in the next section) restricted form of the problem.
However, when applied to the full problem it proves insufficient, see Example [6.1]. The
solution is to introduce the use of string compression, which is done in Section [6].

5. Typed System and Single Homomorphism 

We present a typed system interpretation of one-sided distributive unification. We begin
with the simplest non-trivial subcase, the case of a single homomorphism. This is non-trivial
because the exponential complexity result in [17] holds in this case as well. Consider a ‘type’
system based on two types $\tau_1$ and $\tau_2$. We let all left multiplication variables be of
type $\tau_1$ and all right variables of type $\tau_2$. Thus

$\times : \tau_1 * \tau_2 \to \tau_2$,

$+ : \tau_2 * \tau_2 \to \tau_2$,

If there is only a single variable of type $\tau_1$ in the input equations then we can consider
the multiplication operation as a homomorphism $h$ over $+$. Thus, we can view an equation
of the form $X = T \times Y$, where $T$ is the single variable of type $\tau_1$, as the
homomorphism equation $X = h(Y)$. This is the single homomorphism case; it restricts the
number of valid terms from the general case but it is sufficient for encoding the exponential
example in [17] and it yields a much simplified decision algorithm.
5.0.1. Single homomorphism and the General Algorithm. There are two primary reasons for
considering this sub-case:

(1) The Algorithm for the single homomorphism case (Algorithm [1]) is more efficient than
the algorithm that solves the general case (Algorithm [2]).

This is due to the SLPs. In Algorithm [2] every step dealing with compression must use
SLPs and thus must employ various subroutines for dealing with SLPs, of which the
best complexity measures are all of quadratic or greater polynomial complexity. However,
in this restricted case binary encoding provides suitable compression. Operations
dealing with compressed objects are reduced to addition and subtraction, i.e., linear
complexity.

(2) Algorithm [2] is built from Algorithm [1].

Algorithm [1] uses the same underlying method used in Algorithm [2]. Both algorithms
approach the problem by ordering the equivalence classes (defined below) and “processing”
each class, one at a time. However, the processing is less complex in this restricted
theory since it does not need to deal with SLPs. This leads to a similar algorithm
which is easier to understand.

5.1. Data Structures. 

Definition 5.1. We define the following relations ($X$, $Y$ and $Z$ are variables):

• $X \succ_h Y$ iff $X = h(Y)$.

• $X \succ_{l_+} Y$ iff $X = Y + Z$.

• $X \succ_{r_+} Z$ iff $X = Y + Z$.

• $X \succ_+ Z$ iff $X = Y + Z$ or $X = Z + Y$.

We use the following two graphs, that are similar to the dependency and propagation
graphs used in [22], see Definitions [4.2] and [4.3]. For a unification problem $S$ in standard
form we construct the following two graphs.

Definition 5.2. A path labeled dependency graph (CD) is a directed graph such that the
nodes in the graph correspond to variables of type $\tau_2$. We form two kinds of edges:

(i) Lateral edges, where for each equation of the form $X =^? h(Y)$, we have an edge from node
$X$ to node $Y$ labeled with a label variable, $h^1$. Thus, for single edges corresponding to a
single homomorphism the label is $h^1$. For paths corresponding to multiple homomorphisms
(compound paths which will be constructed during the running of the algorithm) the label
is $h^n$, $n \in \mathbb{N}^+$, where $n$ is the number of homomorphisms/single edges composing
the path. We will use $\pi$ (possibly with subscripts) to denote a path in the graph. For
example, for a path between nodes $X$ and $Y$ we write $X \xrightarrow{\pi} Y$, where $\pi$ is
understood to represent some $h^j$, $j \in \mathbb{N}$. The path length, denoted $|\pi|$, is $j$.

(ii) Downward edges, where for each equation of the form $X =^? X_1 + X_2$, we have directed
edges from node $X$ to node $X_1$ and from node $X$ to node $X_2$.

Definition 5.3. The path labeled propagation graph (CP) is a directed simple graph. Its
vertices are the equivalence classes of the symmetric, reflexive, and transitive closure of
the relation defined by $\succ_h$ on the CD graph for the same system. Edges exist between
equivalence classes $[X]$ and $[Y]$ if there exist variables $U \in [X]$ and $V \in [Y]$ such that
$U \succ_+ V$.

Note, that we can order the equivalence classes/nodes of CP. Let stand for the
reflexive, symmetric and transitive closure of Thus defines a set of equivalence 
classes over a set of variables. Denote these classes as [T]^. The CP graph has exactly 
these classes as its nodes. We can define a strict partial ordering on the ~^-equivalence 
classes based on That is, if and only if there exist Ki € and K 2 G \X]h 

such that Ki K 2 , i.e., an edge from the node to the node [T]^. This ordering will 
be important as it provides an ordering strategy for applying the unification algorithm. 

These graphs, mainly the CD, will be the primary data structure and will be modified
via the set of graph saturation rules. The rules are very similar to the original Tiden-Arnborg
rules; however, they primarily act not on the set of equations but on the CD graph. This
is due to the need for compression, where acting on a fully uncompressed set of equations
results in the original algorithm. Note, that we still need the CP graph for detecting the
set of non-unifiable systems. An example of this is the following set of equations.

$\{X =^? V + Y,\ X =^? h(Y)\}$

The CP graph and the sum propagation graph of [22] (Definition [4.3]) are the same for
the single homomorphism systems. This is easy to see as both graphs will contain the same
equivalence classes and thus nodes and both graphs have the same edges. Therefore, each
time the algorithm updates the CD graph (i.e., the inference rules modify the CD graph) it
also updates the CP graph and checks for cycles. Likewise, if cycles are found the algorithm
terminates with failure.

5.2. Algorithm Presentation. Before presenting the rules, we need to discuss several
problems the algorithm needs to solve when dealing with compressed paths. During saturation
we derive path constraints of the form $\pi_1 =^? \pi_2$ or $\pi_1 \prec \pi_2$. For the single
homomorphism case, because there is just one homomorphism, $\pi_1 =^? \pi_2$ is simply a check
if the lengths are equal, i.e., if $|\pi_1| = |\pi_2|$. For the prefix check $\pi_1 \prec \pi_2$,
in the single homomorphism case we only need to check if the length of $\pi_1$ is less than that
of $\pi_2$, i.e., $|\pi_1| < |\pi_2|$. It is important to note that path lengths are kept in
binary representation. This compression is significant as it allows us to avoid exponential
growth in the path lengths. In addition to path constraints we will need to perform several
path computations, specifically we need to concatenate paths and compute path suffixes. These
operations can be accomplished, in the single homomorphism case, by simple addition and
subtraction.

We now introduce a set of inference rules. Rule (0) acts on the system $S$ and rules (i)
through (vii) act on the CD graph of $S$. Rule (0) is simple variable replacement. Rules
(i) - (iii) are cancellation rules that follow directly from the rules of Figure [1]. Rule (vi) is
a failure rule that corresponds to occur-check type errors. Rules (iv), (v), (vii) are path
completion rules. Rule (vii) is the same path propagation rule from the Tiden-Arnborg
algorithm, justified by the axioms of the system; see Figure [1] rule (d). However, in rule
(vii) we do not create the new variables $W_1$ and $W_2$ unless $W$ has no child variables
related along a $\succ_+$ edge.

Before giving the algorithm details let us give a high-level overview of the process. 

(1) The algorithm begins with a unification problem, S, in standard form. 

(2) From the set of equations $S$ it generates the CD graph and from the CD graph it
generates the CP graph.

(3) Next the algorithm applies the set of “cancellation” inference rules. These are rules
which do not create new edges or nodes in the graph and clearly terminate.

(4) The algorithm works in a top down ordering on the equivalence classes, using the
$>_h$ relation to order the classes. Each class is “processed” using the inference rules.
This is done by applying the rules to the nodes in the CD graph which are contained in the
current “selected” class.

(5) After each new class is processed the algorithm applies the cancellation rules and
re-checks for any errors.

(6) During this process two things can happen: 

(a) Cycles can be found in either graph implying non-unifiability. 

(b) The inference rules are exhaustively applied and no cycles occur, implying unifiability.

The algorithm for the single homomorphism subcase is presented in Algorithm [1].

We next discuss the correctness and complexity of Algorithm [1]; most of these results
will follow directly from [22].

5.3. Correctness. Correctness of the inference rules can be assured due to the correctness
proof of the algorithm presented in [22] and the following lemmas.

Lemma 5.4. Soundness of rules (i) through (vii) is a direct consequence of the “sum
transformation”^ method of [22] and variable replacement.

Proof. The soundness of the rules follows from Theorem [4.1]. Therefore, we know that the set
of equations $\{X =^? Y \circ Z,\ X =^? V \circ W\}$, where $\circ$ is $+$ or $\times$, has the
same solutions as the set

^See Section [4] for the definition of sum transformation.
Algorithm 1 Unification modulo a Single Homomorphism


(Input: A system of equations in standard form)

(1: Generate data structures) Generate the graphs, CD and CP.

(2: Clean up the system) Exhaustively apply the rules (0), (i), (ii), (iii) and (iv).

(3: Error checking) Apply graph cycle checking to the two graphs (i.e., rule (vi)). If
a cycle is found stop with failure.

(4: Process equivalence class) Select an equivalence class based on the strict partial
ordering $>_h$. That is, we select the largest element of $>_h$ that has not yet been processed.
Thus, if we select the class $[X]_h$ then there does not exist a class $[Y]_h$ such that $[Y]_h$
has not been processed and $[Y]_h >_h [X]_h$. Clearly, if $>_h$ is not a strict partial ordering
then there is a cycle in the CP graph.

First we apply rule (v) — this is done by starting with the sink node of the path and
working back to the start node of the path. Once rule (v) has been exhaustively applied
we apply rule (vii) if applicable.

(5: Check if Complete) If no inference rules can be applied and no cycles exist, then
exit with success, else return to Step 2.


$\{X =^? Y \circ Z,\ Y =^? V,\ Z =^? W\}$, and that the set of equations
$\{X =^? Y \times Z,\ X =^? V + W\}$ has the same solutions, over the shared variables, as the
set $\{X =^? Y \times Z,\ Z =^? V_1 + V_2,\ V =^? Y \times V_1,\ W =^? Y \times V_2\}$. □

The CD and CP graphs are simply graphical representations of a system of equations,
which Algorithm [1] transforms by application of one or more of the inference rules.
Lemma [5.4] ensures that each transformation is sound. It remains to be shown that if the
algorithm terminates without failure then the system is indeed unifiable.

Lemma 5.5. Given a system of equations $S$ in standard form, if no failure errors occur
Algorithm [1] transforms $S$, through its CD graph representation, into dag-solved form.

Proof. Let $D$ be the final CD graph and consider the definition of dag-solved form.

• The first condition is satisfied as each variable is represented by a node in the graph. If
the left hand sides $X_i$ were not distinct, then a cancellation or path propagation rule,
(vii), could be applied.

• The second condition is satisfied as the paths correspond to a distinct ordering and there
are no cycles in the graph. □

Therefore, if the system is unifiable the algorithm will report that fact. We need to show
that if the system is not unifiable the algorithm correctly reports that as a failure. Directly
from [22] we get the following two results.

Lemma 5.6. Cycles in the CD graph for a system S in standard form imply that S is not 
unifiable. 

Proof. This is due to Theorem 14.41 which shows that the one-sided distributive axiom is 
subterm-collapse free. The constraint to a typed system does not remove the property that 
the system is simple. Therefore, a cycle in the CD graph will imply a cycle in the system 
of equations and a non-unifiablity error for a simple system. Q 
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Lemma 5.7. Cycles in the CV graph for a system S, in standard form, imply that S is not 
unifiable. 

Proof. The CP graph contains the same information, for the single homomorphism systems,
as is contained in the propagation graph of [22] (Definition 4.3). Both graphs will contain
the same equivalence classes and thus nodes and both graphs have the same edges. The
result then follows from Theorem 4.5. □

Theorem 5.8. Algorithm 1 is correct.

Proof. Follows from Lemma 5.4 to Lemma 5.6. □

5.4. Complexity. First we get the following result from the cancellative nature of the rules
(i) through (iii).

Lemma 5.9. Given a CD graph, rules (0)-(iii) can only be applied a polynomial number of
times with respect to the initial set of nodes in the graph.

In addition, we get the following clear result.

Lemma 5.10. Given a CD graph, rule (iv) can only be applied a polynomial number of
times with respect to the initial set of nodes in the graph.

Lemma 5.11. Each equivalence class formed by closure along $\succ_h$-related nodes has a unique
sink.

Proof. If a class has no sink then there is a cycle and the system is not unifiable. Now
assume we have at least one sink. Rules (iii), (ii), (iv) and (v) ensure that each node can
have at most one lateral outgoing edge. □

Lemma 5.12. Processing an equivalence class (Step 4) takes polynomial time with respect
to the number of variables in the class.

Proof. By rules (i) through (iv) each variable in the class will have at most one outgoing
edge and all paths will lead to the sink. Applying (v) exhaustively starting from the sink is
therefore bounded linearly by the number of variables in the class. In addition, (vii) is also
bounded by the number of variables in the class as it can be applied at most once for each
variable in the class. Moreover, it can create 2 new variables at most once for each class. □

Lemma 5.13. The number of equivalence classes for a system S can never increase.

Proof. New variables created by rule (vii) don't create new equivalence classes as they are
added to pre-existing classes. □

Due to the fact that each equivalence class contains a single sink, by Lemma 5.11 we
get the following.

Lemma 5.14. A maximum of 2 new nodes can be added to an equivalence class from any
one higher equivalence class.

In addition by rule (vii) we get the following.

Lemma 5.15. During processing the number of paths added to an equivalence class from
a higher, by $\succ_h$, equivalence class cannot exceed the number of nodes in the lower
equivalence class.

Combining the above results we get the following.

Theorem 5.16. The running time of Algorithm 1 is polynomial with respect to the initial
set of equations.

Proof. Processing an equivalence class is polynomially bounded by Lemma 5.12.
By Lemma 5.14 and Lemma 5.15 the classes can only grow by a constant amount as each
class is processed and by Lemma 5.13 the number of classes cannot increase. □

This section covers a decision algorithm for the single homomorphism subcase. The 
obvious extension to this problem results in the multiple homomorphism problem. In the 
multiple homomorphism case we may have a finite set of variables of type $\tau_1$ but we can still
consider them as homomorphisms $h_1, \ldots, h_n$. Although we do not go into any more details
here, the multiple homomorphism case is also interesting. Unlike the single homomorphism 
case compression is needed for the multiple homomorphism case. This is due to the fact that, 
unlike the single homomorphism case, the label variables are not the same and therefore 
just keeping the path lengths is not sufficient. But, the multiple homomorphism case does 
not require all the methods presented in the next section for the general case, due to the 
type system, i.e., labeled variables cannot also be nodes in the CD graph. 

6. General Algorithm 

We now consider the general problem, with no type system. Let us give a brief overview of 
the section. 

Section Summary. 

• We begin with a discussion on why the string compression methods are required to achieve
a polynomial bound, Example 6.1.

• We next introduce the new graph data structures in Section 6.1.

• Section 6.2 provides a high-level overview of the new algorithm.

• Section 6.3 presents the new algorithm.

• Section 6.4 discusses issues with label variables which are a key difference between the
general algorithm developed in this section and the Single Homomorphism algorithm
developed in the previous section.

• Details on the SLP operations used in the algorithm and their complexity are covered in
Section 6.5.

• Correctness is proven in Sections 6.6 and 6.7.

• Finally, the complexity proof is covered in Section 6.8.

Example 6.1. One consequence of this new graph interpretation is that the label variable 
paths, if not compressed, could grow exponentially in length with respect to the initial set of 
label variables. This can be seen using the same example used to prove the exponential result 
in Section m, $\sigma(n)$. If the algorithm presented below (without compression) is applied to the
system $\sigma(n)$, we do not get an exponential number of applications of the sum transformation;
rather we get label paths of exponential length. The growth is due to the path string being 
copied and then doubled at each consecutive level. Although this doubling of the string 
leads to the exponential growth, it also requires the re-use of the string and this suggests 
the use of string compression. Therefore, we keep each of these paths compressed in the 
form of straight line programs. 

Consider again the $\sigma(0)$ system and assume there is a single label variable, a, for the
initial system. If Algorithm 2 is applied but does not use string compression the final length
of the string labeling the longest path at level n will be 2” — 1. In $\sigma(0)$ (Figure 5) this is
$2^2 - 1 = 3$. For larger n the result is undesirably long paths, as seen in Figure 6. However,
these strings can easily be compressed via a SLP.


Figure 5: Exponential path length, initial graph

Figure 6: Exponential path length, final graph


6.1. Data Structures. As in the single homomorphism case we interpret the equations of
a unification problem as graphs.

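Definition 6.2. We define the following relations:

• $X \succ_{r\times} Y$ if $X = Z \times Y$.

• $X \succ_{l\times} Z$ if $X = Z \times Y$.

• $X \succ_m Y$ iff $X \succ_{r\times} Y$ or $X \succ_{l\times} Y$.

• $X \succ_{l+} Y$ if $X = Y + Z$.

• $X \succ_{r+} Z$ if $X = Y + Z$.

• $X \succ_a Z$ if $X = Y + Z$ or $X = Z + Y$.

We denote the transitive closure of a relation R as $R^+$.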

Definition 6.3. A path labeled dependency graph (CD) is a directed graph such that the
nodes in the graph correspond to variables of the unification problem S. We form three
kinds of edges:

(1) Lateral Edges, where for each equation of the form $X =^? Z \times Y$, we have an
edge from node X to node Y labeled with the top nonterminal of a SLP generating the
label variable, Z. Label variables are kept as straight line programs, where the terminals
correspond to the label variables. Each label variable, Z, is given a unique single production
SLP. Therefore, lateral edge and path labels correspond to the top nonterminal of the SLP
generating the label variables corresponding to those edges.

We denote a path and its label, $\pi$, of one or more lateral edges between nodes X and Y
by $X \xrightarrow{\pi} Y$. For the general case paths are the composition of any number of the label
variables. A path $\pi$ is notation for a path $X_1, \ldots, X_n$ for some $n \in \mathbb{N}$ and is kept altogether
compressed as a SLP. Therefore, $X \xrightarrow{\pi} Y$ corresponds to the equation $X =^? \pi \times Y$ and
is a compact representation of the equation

$$X =^? X_1 \times X_2 \times \cdots \times X_n \times Y$$

where the string generated by $\pi$ is of the form $X_1 \cdot X_2 \cdots X_n$.

(2) Downward Edges, where for each equation of the form $X =^? X_1 + X_2$, we have
directed edges from node X to node $X_1$ and from node X to node $X_2$.

(3) Relation Edges, where for each node X in the graph such that there exists a path
$X \xrightarrow{\pi} Y$ and for each terminal/label variable $K_i$ in the SLP $\pi$, we have a single edge
from X to the node $K_i$ in the graph.

These edges will only be used for cycle checking and could even be generated just before
the graph is checked for cycles in the algorithm.

We explain several points below that should help clarify the need for such a graph. 

• The initial CD graph will be built from an initial unification problem, S, in standard form.
That initial graph will not have any composite paths labeled by a SLP with more than
one production. The composite paths will be added later by the algorithm. In addition,
when constructing the CD graph each variable X from the set of label variables is given
a unique SLP. For example, a label variable X would be given a SLP $\pi_X \to X$ and all
lateral edges formed by an equation with X as the label variable would be labeled by $\pi_X$.
This implies that different lateral edges can have the same edge label. For example, in the
CD graph of Figure 7 the edges $X \to Y$ and $L_2 \to L_3$ have the same SLP label because
they used the same label variable in the equations $X =^? Z_1 \times Y$ and $L_2 =^? Z_1 \times L_3$.

• The algorithm presented later will build up the composite paths and unlike in the initial
graph it will not in general be the case that for a $X \xrightarrow{\pi} Y$ all the terminals (label
variables) in $\pi$ are related to X. This is the reason for the additional “Relation”
edges.

• Lateral Paths are kept as SLPs because if not kept compressed the paths could grow
exponentially in size during running of the algorithm. By keeping the initial label variables
as SLPs when we build longer composite paths we can create the new SLP labels by
“concatenating” the SLPs.

• The Relation edges are only needed during graph cycle checking operations required by
the algorithm. Thus, as the information about these edges is maintained by the set of
terminals for each SLP, we will just generate these edges before cycle checking.

Example 6.4. Let us consider an example CD graph for the following system of equations
(re denotes relation edges).

$$X =^? X_1 + X_2,\quad X =^? \pi_1 \times Y,\quad Y =^? \pi_2 \times L,\quad L =^? L_1 + L_2,\quad L_1 =^? \pi_5 \times X,\quad L_2 =^? \pi_1 \times L_3$$

where the SLPs are: $\pi_1 \to Z_1$, $\pi_2 \to X_2$ and $\pi_5 \to \pi_3\pi_4$, $\pi_3 \to \pi_2\pi_2$, $\pi_4 \to \pi_1\pi_1$. The
corresponding CD graph is given in Figure 7.

Definition 6.5. The path labeled propagation graph CP is a directed simple graph. Its
vertices are the equivalence classes of the symmetric, reflexive, and transitive closure of
the relation defined by $\succ_{r\times}$ on the CD graph for the same system. Edges exist between
equivalence classes [X] and [Y] if there exist variables $U \in [X]$ and $V \in [Y]$ such that
$U \succ_a V$.

Similar to the typed case we can order the equivalence classes/nodes of CP. Let $\sim$
stand for the reflexive, symmetric and transitive closure of $\succ_{r\times}$. Thus $\sim$ defines a set of
equivalence classes over a set of variables. Denote these classes as $[Y]_\sim$. The CP graph
has exactly these classes as its nodes. We can define a strict partial ordering $\succ_r$ on the
$\sim$-equivalence classes based on $\succ_a$. That is, $[X]_\sim \succ_r [Y]_\sim$ if and only if there exist
$K_1 \in [X]_\sim$ and $K_2 \in [Y]_\sim$ such that $K_1 \succ_a K_2$. This ordering will again be important as it
provides an ordering strategy for applying the rules of the unification algorithm.

Again, we also need the CP graph due to a specific type of non-unifiable system. These 
are systems that require infinite unifiers but will always cause a cycle in the CP graph. An 
example of this is the following set of equations. 

$\{X =^? X_1 + X_2,\ X =^? Y \times X_2\}$

Lemma 6.6. Let S be a system of equations with variables U, W in S such that U W
and $U \succ_{r\times} W$. Then S is not unifiable.

Proof. This system can be seen to cause a cycle not only in CP but also in P(S) (see
Definition 4.3). This is due to forming the equivalence classes by closure along related
nodes. It is shown in [22], Lemma 11, that if P(S) contains a cycle there is no unifier for the
system S (see Theorem 4.5). □

Each time the algorithm updates the CD graph it also updates the CP graph and checks
for cycles. Likewise, if cycles are found the algorithm terminates with failure. 
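
The cycle test on the CP graph can be sketched as follows. This is an added example, not code from the paper: the tuple encoding of equations and all function names are assumptions, and classes are closed along lateral edges (X = Z × Y puts X and Y in one class) with class edges taken from + equations, as Definition 6.5 describes.

```python
from collections import defaultdict


def cp_graph(equations):
    """Build the class graph for a system in standard form.

    equations (assumed encoding): ("x", X, Z, Y) means X = Z x Y,
                                  ("+", X, Y, Z) means X = Y + Z.
    Returns (find, edges): find maps a variable to its class representative,
    edges maps a class to the classes reached through a + equation.
    """
    parent = {}

    def find(v):
        parent.setdefault(v, v)
        while parent[v] != v:
            parent[v] = parent[parent[v]]    # path halving
            v = parent[v]
        return v

    for op, x, a, b in equations:
        for v in (x, a, b):
            find(v)                          # register every variable
        if op == "x":                        # lateral edge X -> Y: same class
            parent[find(x)] = find(b)

    edges = defaultdict(set)
    for op, x, a, b in equations:
        if op == "+":                        # X >a Y and X >a Z
            edges[find(x)].update((find(a), find(b)))
    return find, edges


def has_cycle(edges):
    """Depth-first search; a self-loop on a class counts as a cycle."""
    WHITE, GREY, BLACK = 0, 1, 2
    colour = defaultdict(int)

    def visit(u):
        colour[u] = GREY
        for v in edges.get(u, ()):
            if colour[v] == GREY or (colour[v] == WHITE and visit(v)):
                return True
        colour[u] = BLACK
        return False

    return any(colour[u] == WHITE and visit(u) for u in list(edges))


def passes_cp_cycle_check(equations):
    """False when the CP graph has a cycle, i.e. the system is not unifiable."""
    _, edges = cp_graph(equations)
    return not has_cycle(edges)


# The system from the text that would need an infinite unifier:
# {X = X1 + X2, X = Y x X2}.
INFINITE_UNIFIER = [("+", "X", "X1", "X2"), ("x", "X", "Y", "X2")]
# Constructed acyclic system for contrast.
ACYCLIC = [("+", "X", "X1", "X2"), ("x", "X", "Z", "Y"), ("+", "Y", "Y1", "Y2")]

if __name__ == "__main__":
    print(passes_cp_cycle_check(INFINITE_UNIFIER))   # cycle: [X] contains X2
    print(passes_cp_cycle_check(ACYCLIC))
```

Passing this check only rules out one failure condition; the full algorithm also checks the CD graph and processes the classes.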

It can be seen that the propagation graph of [22] and the CP graph are the same. This
is due to the fact that both graphs contain the same equivalence classes and equivalent edges
between the classes. Figure 8 is an example CP graph for the same set of equations used
to form the graph of Figure 7.

Figure 8: LP graph example

The algorithm will work by “saturating” the graphs. A set of transformation rules is
used to either convert the graph into a solved form or detect a cycle in the graph. The
first case implies unifiability and the second non-unifiability. During saturation we derive
path constraints of the form $\pi_1 =^? \pi_2$ or $\pi_1 \preceq^? \pi_2$. The constraint $\pi_1 \preceq^? \pi_2$ is a prefix check
(i.e., whether the string produced by the SLP $\pi_1$ is a prefix of the string produced by the
SLP $\pi_2$) and $\pi_1 =^? \pi_2$, similarly, is an equality check. In addition to path constraints we
will need to perform several path computations: specifically we need to concatenate paths,
compute path suffixes and find a single pair of mismatched terminals in two equated SLP
produced strings, all without decompressing the SLPs.

6.2. High Level Overview. Before giving the inference rules and algorithm details let 
us give a high-level overview of the process. The algorithm works based on the idea of 
collecting equations into sets. Each set corresponds to the equations forming one of the
equivalence classes. We can then order the equivalence classes in such a way that if we 
proceed top down in this order, converting each set into a solved form (processing), we 
do not have to revisit any class. This combined with the fact that we don’t create new 
classes requiring processing provides us with a well defined structure for the execution of 
the algorithm. Briefly, the algorithm proceeds as follows: 

• The algorithm begins with a unification problem, S, in standard form. From the set of
equations S it generates a graph interpretation, the CD graph, and makes note of the set
of label variables, V. Note that this process does not discard S. From the CD graph the
algorithm generates the CP graph. The nodes of the CP graph are the equivalence classes,
each of which corresponds to a set of nodes from the CP graph. 

• Next the algorithm reduces the graph to a normal-form by applying the set of cancellation 
inference rules. These rules are applied to the entire system which results in a system 
where no additional cancellation rules can be applied. All of these rules work directly on 
the CD graph, except rule (0) which works on the set S. 

• Next the algorithm selects an equivalence class to process based on the class ordering. 
It then applies a set of rules on the nodes of the CP graph which correspond to that 
equivalence class. The effect of these rules is to transform the equivalence class into a 
compressed solved form. 

• This process is repeated along with error checking, each time reducing the number of 
classes remaining to be processed. 

• Finally, it could happen that during the process two label variables are equated. If this
occurs the algorithm updates S with the new equality (rule (0)), rebuilds the two graphs 
and the process of processing equivalence classes is restarted. Since there is only a finite 
number of label variables, which cannot be increased, each time two label variables are 
equated the number of label variables is reduced. Therefore the total number of times 
the process can be restarted is equal to the initial number of label variables in S. 

6.3. Algorithm Presentation. We first present the set of inference rules (Figure 9) for a
unification problem S in standard form. The rules are applied to the graph CD, except rule
(0) which is applied to S, and as that graph is updated the CP graph is updated.



Figure 9: Inference Rules for the One-sided Distributivity Decision Procedure. 

Rule Zero. Rule (0) is simply a variable replacement rule but it has a special action on label
variables: if a label variable is equated to a non-label variable, then the non-label variable
is replaced by the label variable. This rule acts directly on the system S by doing variable
replacement whenever there is an equation between two variables. That is, for an equation
of the form U = V between two variables, the rule replaces all occurrences of V in S with U.
If one of the variables is a label variable, say V, and one is not, say U, then the non-label
variable is replaced in S by the label variable. So in this example, all occurrences of U are
replaced by V. Therefore, after any variables are equated, we apply this rule eagerly. Note,
whenever a rule creates an equation of the form $X =^? Y$, those two nodes in the graph are
equated and rule (0) applies that equation to the set S. Therefore, rule (0) is the only rule
that acts on and changes the set of equations S. All other rules modify the two graph data
structures.

Rule (i) is due to the cancellative nature of the + operator and directly corresponds
to the canceling operation in [22] (see Figured]). Rules (ii), (iii) and (iv) are due to the
cancellative nature of × ([22]). Rules (v) and (vi) check the path constraints and attempt
to find label variables that have to be equated in order to satisfy the path constraint. These
rules and rules (iv) and (x) are explained in more detail in Section 6.5. Rules (vii) and
(viii) directly correspond to the splitting rule (Rule (d) of Figured]) of [22] and are direct
consequences of the distributive axiom. These two versions are just modifications to work in
the modified graph setting. The difference between the two rules is that rule (viii) creates
new variables ($W_1$ and $W_2$) and rule (vii) does not. Rule (ix) is a failure rule, which
corresponds to detecting a cycle in the graphs in the Tiden-Arnborg algorithm. Finally,
rule (x) is a path completion rule, justified by the soundness of variable replacement. This
rule is also responsible for building the SLPs with more than one production. The rule
creates a new SLP, $\tau$, corresponding to the “concatenation” of the two SLPs $\pi$ and $\rho$.
More details on rule (x) are given in Section 6.5.

We also keep and update the length of the string each SLP generates. Note, that 
this information can be efficiently computed in a bottom up manner for any SLP since 
productions ending in a terminal symbol have string length 1 and productions with two 
non-terminals have length equal to the sum of the lengths of the strings generated by the 
two non-terminals. However, since we build our SLP bottom up we can keep track of this 
information using simple addition and subtraction when constructing new SLPs through 
concatenating and taking the suffix. 

Algorithm 2 uses the following notation. Let $r_1$ and $r_2$ denote inference rules. Then,
$r_1^!$ indicates exhaustive application of the rule $r_1$. The composite rule $r_1^! r_2$ means, apply $r_1$
until it cannot be applied any more and then try to apply $r_2$. Note that even if $r_1$ cannot
be applied the rule $r_1^! r_2$ can still be used if $r_2$ can be applied. Thus $!$ does not indicate
that $r_1$ must be applied but rather that if $r_1$ can be applied we do so exhaustively. $r_1 + r_2$
indicates choice: apply rule $r_1$ or rule $r_2$. Therefore, the last composite rule in Algorithm 2
implies that rule (vii) has the lowest priority and that rule (viii) is only applied once in
the processing of a single equivalence class.

Algorithm 2 is presented above. Let us now give some additional explanation of what
each step accomplishes before proceeding to the proof details. 

(1) The first step generates the two data structures needed to check error conditions.

^ Again, if $\succ_r$ is not a strict partial ordering there must be a cycle in the CP graph.

Algorithm 2 One-sided Distributive Unification


(Input: A system of equations in standard form)

(1: Generate data structures) Generate the 2 graphs, CD and CP. Make a note of
the initial label variables in S; denote this set as V.

(2: Clean up the system) Exhaustively apply the following composite rule:

(0 + i + ii + iii)

(3: Error checking) Apply graph cycle checking to the graphs (i.e., rule (ix)). If a
cycle is found stop with failure. If the graphs have no cycles and are in dag-solved form,
exit with success.

(4: Process equivalence class) Select an equivalence class based on the strict partial
ordering $\succ_r$. That is, we select the largest element of $\succ_r$ that has not yet been processed.
Thus, if we select the class [X] then there does not exist a class [Y] such that [Y] has
not been processed and $[Y] \succ_r [X]$.

Process the selected class using the following composite rule:

(v + vi) $(iv)^!$ $(x)^!$ (viii) $(vii)^!$

Rule (x) is applied by starting with the sink node of the path and working back to the start
node of the path. Rule (iv) is applied based on the partial ordering, starting from the
source nodes and working down to the sinks. In addition, if rule (v) or rule (vi) is applied
label variables will be equated.

(5: Checking) If any of the variables in V are equated go back to Step 1 else go back
to Step 2.


(2) Step two consists of an exhaustive application of the “cancellation” inference rules,
i.e., rules (0), (i), (ii), (iii). These rules are the simplest rules as they either reduce
the number of variables, rule (0), or reduce the number of edges in the graph, rules
(i), (ii), (iii). In addition, the rules don't create any new SLPs or edges. By applying
these inference rules first we reduce the problem to a “normal-form”, where change can
now only occur via rules (iv) to (x). Some of the rules must check equality between
SLPs, which can be done in polynomial time, see Section 6.5.2. Lemma 6.13 shows that
the inference rules are sound and Lemma 6.25 shows that this step of the algorithm is
polynomially bounded.

(a) Note that redundant edges are removed by rule (iii). That is, if there are two edges
$X \xrightarrow{\pi} Y$, $X \xrightarrow{\eta} Y$ and $\eta = \pi$,
then rule (iii) will remove one of the redundant edges.

(3) Step three is an error checking step which corresponds to the cycle checking of the two
graphs. The correctness of the step is due to the fact that the system is simple and
therefore cycles, or occur-checks, are errors. See Section 6.7 for full proofs.

(4) Step four is the step responsible for processing equivalence classes and corresponds to the
application of the inference rules (v), (vi), (iv), (x), (viii) and (vii) in a specific order.
The order in which rules are applied is important as it ensures that the number of steps
required to process any equivalence class is bounded by a polynomial, see Lemma 6.26.















A. M. MARSHALL, C. MEADOWS, AND P. NARENDRAN 


(5) Step five checks to see if any label variables were equated and if so, it goes back to step 
one, where we rebuild the graphs. This is done to ensure we don’t miss any variables 
which are part of the compressed labels. Since the number of label variables is reduced 
at each application, Lemma 6.8 shows the number of times this can happen is bounded
by the initial number of label variables. 


6.4. Label Variables. We need several results about the label variables and their interaction
with the new variables. Let $V_0$ denote the set of initial label variables for a system S
and V the set of label variables at any point during the application of Algorithm 2. Let Z
denote the set of fresh variables created by rule (viii) during application of Algorithm 2.

Lemma 6.7. During and after the application of Algorithm 2, $V \cap Z = \emptyset$.

Proof. By the definition, it is not possible to apply rule (0) such that a newly created
variable is made a label variable. The only way to make a new variable a label variable
is to create a new lateral edge and make its label a new variable. The rules creating new
lateral edges are (iv), (vii) and (viii). But, the labels of these edges are all composed of
pre-existing label variables. □

Lemma 6.8. During and after the application of Algorithm 2 on a system S in standard
form, $|V| \le |V_0|$.

Proof. Follows directly from rule (0) and Lemma 6.7. □

Actually we can get a similar result for the original Tiden-Arnborg algorithm if we 
also assume that variable replacement in that algorithm replaces newly created variables 
by original variables. Stated more precisely we get the following lemma. 

Lemma 6.9. Let $V_l$ denote the set of left multiplication variables, i.e., $Z \in V_l$ iff there
exists an equation of the form $X = Z \times Y$ for some variables X and Y. Let Sum denote
the sum transformation operation as defined in [22] (See Section 0 to recall the definition).
Also, assume that if a pre-existing variable is equated to a variable created by Sum, the new
variable is replaced by the pre-existing one. Then it is never the case that a new variable
created by Sum is in $V_l$.

Proof. The Sum operation does not create new left multiplication variables. Therefore, the
only way to get a new variable Z into $V_l$ is by equating it with a variable already in $V_l$. □

Thus, we can assume that there will never be an equation of the form $X = Z \times Y$,
where Z is a fresh variable created by Algorithm 2.

6.5. Graph and SLP Operations. We first examine the problem of graph cycle checking
and then we cover the details of the SLP operations. 

6.5.1. Graph Cycle Checking and Updating. The CD graph is updated by the algorithm as
the inference rules operate on it. The CP graph is built from the CD graph and thus can 
be updated after updating the CD graph. We note that the CD and CP graphs can use 
standard cycle checking algorithms. With the additional observation that we can add the 
relation edges in polynomial time with respect to the number of nodes in the CD graph, we 
get the following Lemma. 

Lemma 6.10. The CP and CD graphs for a system S in standard form can be checked for 
cycles in polynomial time with respect to the size of S. 


6.5.2. SLP Operations. Algorithm 2 requires the use of some type of string compression due
to the need to keep path labels from growing exponentially. But, we still need to know how
the label variables are related along paths, e.g., for error checking. Therefore, we cannot
just keep a set of the variables forming the path, the terminals of the SLP, because this
removes essential information. We first examine how the SLPs are formed and then we will
discuss how the operations are used by each rule in Algorithm 2 along with a presentation
of their complexity. For convenience, Table 1 gives a listing of the SLP algorithms required
by Algorithm 2 and a listing of where polynomial time algorithms have been developed
and studied for that problem. See [Hillg] for surveys on algorithms on compressed strings,
including SLPs. More details are given in the following discussion.

Forming SLPs. We first encode the label variables as SLPs. Each unique label variable is
encoded as a unique SLP. For example, when creating the CD graph for two equations
$X =^? Y \times Z$ and $K =^? Y \times L$ only one SLP is created, $\pi_Y \to Y$, and two edges are labeled
by that SLP, i.e., by the top nonterminal $\pi_Y$. Then, larger or additional SLPs are formed,
bottom up, by the inference rules (x) and (iv). In addition, we only keep a single copy of
each unique SLP. This implies we only keep the set of all productions. When creating a
new larger SLP we need only create a new top production. For example, if we have two
pre-existing SLPs $\pi_i$ and $\pi_j$ that we wish to concatenate we don't need to duplicate all
the productions; simply adding a top production with right-hand side $\pi_i \pi_j$ to the set of
productions is sufficient. Likewise, when constructing a suffix, we may need to create new
productions that are added to the set of productions but we do not delete the productions
contained in the prefix since they generate other SLPs. Note that rules (vii) and (viii) don't
create new SLPs but just use pre-existing ones.


SLP operations required by Algorithm 2 | Reference to Polynomial Algorithm
The concatenation of two SLP | lamiEi]
SLP equality | [la iisi Eoi [ig
SLP prefix and suffix | ns El El [12]
Find one pair of non-equal terminals in a pair of non-equal SLPs |

Table 1: Algorithms for SLP Operation

Using SLPs. We now examine the SLP operations used by each rule and their complexity.

Rule (x): Rule (x) forms a new SLP by concatenating two existing SLPs. Rule (x) is
applied by starting with the sink node of the path and working back to the start node.
This ensures a minimal number of applications of rule (x). To concatenate two SLPs,
$I = (\Sigma, N_I, P_I)$ and $J = (\Sigma, N_J, P_J)$, we create a new SLP, $K = (\Sigma, N_K, P_K)$. Let $\pi_I$
and $\pi_J$ be the top nonterminals of I and J respectively. Then, $N_K = N_I \cup N_J \cup \{\pi_K\}$
and $P_K = P_I \cup P_J \cup \{\pi_K \to \pi_I \pi_J\}$. This is a simplified version, with just two SLPs,
of the method presented in [12] for concatenating n strings. There it is shown, by a
constructive proof, that the SLP, $G'$, generating the new string satisfies $|G'| \le |G| + n - 1$
and $depth(G') \le depth(G) + \lceil \log(n) \rceil$. Rule (x) is just concatenating the SLPs but we could
also balance the resulting SLP. It is shown in [20] that for a SLP, G, generating a text
of length m with n rules we can construct a SLP, $G'$, in $O(n \log(m))$ time, such that $G'$
has a depth of $O(\log(m))$ and $O(n \log(m))$ rules. This could improve results which depend
on the depth of a SLP. However, for our purposes we will use the simple concatenation
method as it is sufficient for our results and allows for a simpler complexity analysis. The
following result easily follows.

Lemma 6.11. Let $I = (\Sigma, N_I, P_I)$ and $J = (\Sigma, N_J, P_J)$ be two SLPs. Then we can
construct in linear time, without decompression, a SLP $K = (\Sigma, N_K, P_K)$ that generates
the concatenation of the two strings generated by I and J such that $|K| = |P_I \cup P_J| + 1$ and
$depth(K) \le \max\{depth(I), depth(J)\} + 1$.

Additional algorithms and notes on concatenation can be found in ncnEoi.

Rules (ii) and (iii): These two rules require that we can decide if two compressed strings
are equal, $\pi_1 =^? \pi_2$. The area of fully compressed pattern matching is an active area and
there are many algorithms that will solve this problem in polynomial time (O(n^) time for
a SLP of size n [13]). We cite the following, non-exhaustive, list of papers for excellent
algorithms: [ISKiniEailS].

Rule (iv): We can partially order the nodes in each equivalence class based on the lateral
edges, i.e., based on the $\succ_{r\times}$ relation. Rule (iv) is applied based on this partial ordering,
starting from the source nodes and working down to the sinks.

We do not apply rule (iv) to a node X if rule (iv) can be applied to a node Y such that
there is a lateral path from Y to X. Rule (iv) requires that we can decide if one SLP $\pi_1$
is a prefix of an SLP $\pi_2$, $\pi_1 \preceq^? \pi_2$, in polynomial time with respect to $\pi_2$. This problem
has been solved in [13], O(n^) time for a SLP, $\pi_2$, of size n. We also need to extract the
suffix in compressed form, $\pi_3 = \pi_1^{-1}\pi_2$. Because we build the SLPs bottom up and keep
the length information, a simple polynomial-time recursive algorithm can accomplish this.
See also |ail2l[l3l[2l] for additional efficient methods for computing the suffix (and prefix).
For example, it has been shown in m that if G is a SLP generating the word v, then for
any suffix $v'$ there exists a SLP $G'$ that generates $v'$ and satisfies $|G'| \le |G| + depth(G)$
and $depth(G') \le depth(G)$. For completeness a simple, but polynomial, suffix algorithm is
presented in Appendix A and from this algorithm we have the following result.

Lemma 6.12. Let $I = (\Sigma, N_I, P_I)$ and $J = (\Sigma, N_J, P_J)$ be two SLPs such that the string 
generated by $J$ is a prefix of the string generated by $I$. Then, in O(|I|^) time a SLP 
$K = (\Sigma, N_K, P_K)$ can be constructed that generates the suffix of $I$ after removing the prefix 
$J$ such that $|K| \le |I| + depth(I)$ and $depth(K) \le depth(I)$. 

^ For every SLP the set of terminals will be a subset of $\Sigma$, the initial set of label variables. 

^ We have replaced “singleton context free grammar” with SLP in the statement, just to stay consistent 
with the naming in this paper. 

Rules (v) and (vi): These rules handle the situation where two label paths should be equal, 
or one a prefix of the other, but are found not to be. We then need to check if they can 
be made equal. We accomplish this by finding at least one pair, (X, Y), of terminals (label 
variables) in the corresponding SLPs such that these terminals form a mismatch, X . 
One pair will do for each application of the rule because by the cancellative nature of $\times$, 
all mismatched pairs of terminals must be equated. Therefore, we do not have to try all 
different combinations of setting pairs equal or unequal. It is sufficient to select the first 
mismatch, equate the variables and construct the resulting new problem. Note that we 
are finding a single pair of terminals that form a mismatch in the string, not finding all 
the positions where the strings generated by the SLPs differ, an NP-hard problem m)- 
In [8] the authors have developed a nice polynomial, O(n^), algorithm for finding the first 
mismatch. A mismatch can also be found using the algorithms in [lans] or by a simple 
recursive algorithm, using the SLP equality algorithm of m as a subroutine. The result 
is a simple O(n^) algorithm, n being the size of the largest SLP. 

The way rules (v) and (vi) work in Algorithm 2 is that if in the CD graph one of the rules is 
satisfied, then a pair of label variables will be found (by the SLP algorithm) and equated 
(through the use of rule (0)). This will cause the set of label variables, V, to be reduced 
and thus the number of label variables in the system S to be reduced. The algorithm then 
returns to step 1 and rebuilds a new CD graph from the newly modified system. 
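The SLP operations used by rules (x), (iv), (v) and (vi) above, as an added Python sketch that is not code from the paper: concatenation and suffix extraction follow the constructions behind Lemmas 6.11 and 6.12, while the prefix test and the first-mismatch search use Karp-Rabin fingerprints, a randomized check standing in for the deterministic equality algorithms the paper cites. The class name, method names and the sample strings are assumptions of this example.

```python
MOD = (1 << 61) - 1   # prime modulus for Karp-Rabin fingerprints
BASE = 1_000_003      # fixed for reproducibility; choose at random in practice

class Grammar:
    """Shared production store; a symbol id is the start symbol of one SLP."""

    def __init__(self):
        self.rule, self.length, self.depth, self.fp = [], [], [], []
        self._ids = {}          # production -> id, so no production is stored twice

    def _add(self, rule, length, depth, fp):
        if rule not in self._ids:
            self._ids[rule] = len(self.rule)
            self.rule.append(rule)
            self.length.append(length)
            self.depth.append(depth)
            self.fp.append(fp)
        return self._ids[rule]

    def terminal(self, name):
        """Production A -> name for one label variable (length 1, depth 1)."""
        return self._add(name, 1, 1, 1 + sum(isinstance(r, str) for r in self.rule))

    def concat(self, left, right):
        """Lemma 6.11: one new production A -> left right, no decompression."""
        fp = (self.fp[left] * pow(BASE, self.length[right], MOD) + self.fp[right]) % MOD
        return self._add((left, right), self.length[left] + self.length[right],
                         max(self.depth[left], self.depth[right]) + 1, fp)

    def productions(self, sym):
        """Symbols reachable from sym; the size of this set is the SLP size."""
        seen, stack = set(), [sym]
        while stack:
            s = stack.pop()
            if s not in seen:
                seen.add(s)
                if isinstance(self.rule[s], tuple):
                    stack.extend(self.rule[s])
        return seen

    def suffix(self, sym, k):
        """SLP for the string of sym minus its first k terminals, 0 <= k < length."""
        if k == 0:
            return sym
        left, right = self.rule[sym]
        if k >= self.length[left]:
            return self.suffix(right, k - self.length[left])
        return self.concat(self.suffix(left, k), right)   # one production per level

    def prefix_fp(self, sym, k):
        """Fingerprint of the first k terminals of sym, read off the grammar."""
        if k == 0:
            return 0
        if k == self.length[sym]:
            return self.fp[sym]
        left, right = self.rule[sym]
        if k <= self.length[left]:
            return self.prefix_fp(left, k)
        rest = k - self.length[left]
        return (self.fp[left] * pow(BASE, rest, MOD) + self.prefix_fp(right, rest)) % MOD

    def terminal_at(self, sym, i):
        while isinstance(self.rule[sym], tuple):
            left, right = self.rule[sym]
            if i < self.length[left]:
                sym = left
            else:
                sym, i = right, i - self.length[left]
        return self.rule[sym]

    def is_prefix(self, a, b):
        """Rule (iv) test: does a generate a prefix of the string of b?"""
        return self.length[a] <= self.length[b] and self.fp[a] == self.prefix_fp(b, self.length[a])

    def first_mismatch(self, a, b):
        """Rules (v)/(vi): (position, X, Y) of the first disagreement, else None."""
        n = min(self.length[a], self.length[b])
        if self.prefix_fp(a, n) == self.prefix_fp(b, n):
            return None
        lo, hi = 0, n               # prefixes of length lo agree, of length hi differ
        while hi - lo > 1:
            mid = (lo + hi) // 2
            if self.prefix_fp(a, mid) == self.prefix_fp(b, mid):
                lo = mid
            else:
                hi = mid
        return lo, self.terminal_at(a, lo), self.terminal_at(b, lo)

def sample():
    """Constructed input: pi = (X1 X2)^(2^20) X3, eta = half X3 half, half = (X1 X2)^(2^19)."""
    g = Grammar()
    x1, x2, x3 = (g.terminal(n) for n in ("X1", "X2", "X3"))
    w = g.concat(x1, x2)
    for _ in range(20):             # each doubling adds a single production
        w = g.concat(w, w)
    half = g.rule[w][0]
    pi = g.concat(w, x3)
    eta = g.concat(g.concat(half, x3), half)
    return g, pi, eta, half
```

The two sample strings have more than two million terminals each, yet every operation touches only the 25 or so productions of the grammars, and the pair returned by `first_mismatch` is the pair of label variables that rule (0) would then equate.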

6.6. Correctness. We now examine the correctness of the above algorithm. Rather than 
reconstructing all the proofs from “scratch” we can reuse some results proven by Tiden and 
Arnborg since we are working on a compressed version of the original algorithm. 

Lemma 6.13. The non-failure rules of Algorithm 2 maintain the set of unifiers. 

Proof. The new rules are essentially equivalent to the original set of rules, only modified to 
work on a compressed version of the problem. This can be seen by considering a path 

$X \xrightarrow{\pi} Z$ 

and removing the compression. The path is a graphical representation of the equation 

$X =^? \pi \times Z$ 

where the string generated by $\pi$ is of the form $X_1 \cdot X_2 \cdot \ldots \cdot X_n$, for some label variables 
$X_1, \ldots, X_n$. This is a compressed form of the following equation. 

$X =^? X_1 \times X_2 \times \ldots \times X_n \times Z$ 

This was constructed from n equations in standard form using variable replacement. These 
equations are of the form 

$X =^? X_1 \times Y_1,\ Y_1 =^? X_2 \times Y_2,\ \ldots,\ Y_{n-1} =^? X_n \times Z$ 

Therefore, the result follows from Theorem 4.1 which is proven in [22]. Let us now 
examine the rules. 

• Rule (x) and rule (0) follow from variable replacement. 

• Rule (i) follows from Theorem 4.1 part 1. 

• Now consider rules (ii) and (iii), since $\pi = \eta$, these rules follow from $|\pi|$ applications of 
Theorem 4.1 part 1. The same holds for rule (iv) except that $\eta$ is a prefix. 

• Rules (v) and (vi) also follow from Theorem 4.1 part 1 because by part 1 all the label 
variables in $\pi$ would have to be equated to the corresponding variables in $\eta$, so we are 
safe in selecting one pair. More specifically, consider two paths and (v). 

$X \xrightarrow{\pi} Z,\quad X \xrightarrow{\eta} Z$ 

correspond to two equations, uncompressed 

$X =^? X_{i_1} \times X_{i_2} \times \ldots \times X_{i_n} \times Z,\quad X =^? X_{j_1} \times X_{j_2} \times \ldots \times X_{j_n} \times Z$ 

Both could be expanded out into standard form and by applying Theorem 4.1 part 1 we 
equate each pair $X_{i_k} = X_{j_k}$. 

• Finally, rules (viii) and (vii) follow from Theorem 4.1 part 2. □ 

Note that rule (ix) is a failure condition that is handled by cycle checking the graph. 

Lemma 6.14. If Algorithm 2 exits with success on a system S in standard form, then S is 
unifiable. 

Proof. The result follows from Lemma 6.13 and the fact that the set of inference rules 
transforms S into a dag-solved form, which implies unifiability [7]. This can be seen by 
examining the set of rules and the definition of dag-solved form. 

Part (a) is satisfied because if there existed some $X_i$ such that $X_i =^? t_1$ and $X_i =^? t_2$ (for 
terms $t_1$ and $t_2$) one of the inference rules would be applicable. 

Part (b) is satisfied because there are no cycles in the graph and thus the equations can be 
arranged in the proper order. □ 

Lemma 6.15. If Algorithm 2 terminates with failure on a system S in standard form, then 
S is not unifiable. 

Proof. Follows from Lemma 6.17. □ 

From these results we get the following. 

Theorem 6.16. The decision Algorithm 2 is correct. 

Proof. Follows from Lemma 6.14 and Lemma 6.15. □ 


6.7. Failure Conditions. Graph cycle checking is employed to detect failure conditions. 
We argue in this section that if a cycle is found this corresponds to a non-unifiable system. 

Lemma 6.17. A system S in standard form is not unifiable if there exists a cycle in any 
of the corresponding CV or CD graphs for that system. 

Proof. We consider the following cases: 

Case 1: Assume that the CD graph for a system S contains a cycle. Then the cycle was 
created by zero or more applications of the inference rules and implies that a variable is a 
proper subterm of itself. By Theorem 4.4 these cycles correspond to non-unifiable systems. 
Case 2: Assume that the CD graph for a system S contains a cycle. This implies there is 
a cycle between the equivalence classes. It is shown in m that cycles between 
equivalence classes of this form correspond to non-unifiable systems due to the need for an 
infinite unifier (see Theorem 4.5). □ 

Therefore, if cycles are found we can safely conclude that the system is not unifiable 
and return an error. 

Finally, one could ask if some infinite systems (of Lemma 6.6) that are found in the 
algorithm of [22] could be missed by the current algorithm due to not creating the same 
number of new variables. This is shown not to be the case in the following lemma. 

Lemma 6.18. Cycles in the sum propagation graph of [22] for a system S in standard form 
imply cycles in the CP graph for S. 

Proof. Clearly if the cycle exists in the initial system or is created by one or more 
applications of the cancellation rules (a)-(c) then the same cycle will be created in the CV graph. 
Thus, assume that the cycle is created by creating new equations by rule (d). That is, by 
rule (d) the following equations are created 

$X =^? X_1 + X_2,\quad X =^? X_3 \times X_4$ 

where $X_1, \ldots, X_4$ are newly created variables. But, then we need to equate $X_4$ and $X_2$. 
Equating variables can only happen through rules (b) and (c) and would require two 
pre-existing equations of the form $X =^? L_1 + L_2$, $X =^? L_3 \times L_2$ but this is already a cycle in 
the CV graph. □ 


6.8. Complexity. We establish the polynomial time bound in this section. 

Lemma 6.19. The number of equivalence classes never increases. 

Proof. Rule (viii) is the only rule that creates new variables but these variables are contained 
in pre-existing equivalence classes. □ 

Lemma 6.20. The number of sinks in any equivalence class after processing is at most one. 
Besides, every non-sink node in the class has exactly one outgoing edge. 

Proof. If there is no sink in the class, then this implies a cycle and thus a non-unifiable 
system. Therefore, let us assume there is no cycle and thus at least one sink. In addition, 
there must be at least one source node. It can be seen that rules (ii), (iii), (iv), (v) and 
(vi) ensure that all the nodes in the class have at most a single outgoing edge. □ 

We now prove several small results about new variables and new lateral edges that will 
be useful in the complexity result. 

Lemma 6.21. The maximum number of new variables added to the system S is equal to 
twice the number of equivalence classes. 

Proof. Rule (viii) is the only rule that can add variables and this rule can only add two 
variables for each sink. By Lemma 6.20 there is a single sink for each class. By Lemma 6.19 
the number of equivalence classes never increases. Rule (viii) adds two new variables to a 
lower class for each sink in the upper class. A class is only processed one time, thus the 
number of variables that can be added is double the number of equivalence classes. □ 
Lemma 6.22. Let [X]^ be a ^^-equivalence class. Assume there exist K equivalence 
classes one level above [X]^ by the >r ordering. Denote the K classes as $C_1, C_2, \ldots, C_K$ 
and assume that each class $C_i$ contains $n_i$ variables, such that $N_K = \sum_{i=1}^{K} n_i$. Then the 
total number of lateral edges added to [X]^ by the K higher classes is $\le 2N_K - 2K$. 

Proof. Processing each $C_i$ will produce $n_i - 1$ edges in $C_i$ each connecting one node to the 
sink of that class. If each of these edges is propagated down by rule (vii) or rule (viii) each 
class could add a total of $2(n_i - 1)$ edges to [X]^. Doing the sum we get that the K higher 
classes could add no more than $2N_K - 2K$ edges to [X]^. □ 

Lemma 6.23. The maximum number of lateral edges added to any ^^-equivalence class of 
a system S in standard form is $O(V_0 + M)$, where $V_0$ is the initial number of variables in 
S and M is the number of equivalence classes. 

Proof. Follows from Lemma 6.22. □ 

These last two lemmas give a bound on the number of edges added to a class from an 
outside class, using rules (vii) and (viii). We now need to consider the edges added to a 
class during the processing of the class itself. 

Lemma 6.24. Let [X]^ be a ^^-equivalence class. The number of lateral edges in [X]^ does 
not increase during application of step (2) or step (4). 

Proof. This follows from the set of inference rules. Rules (vii) and (viii) only create edges 
at a lower equivalence class. The only rule creating a new edge inside the class is rule (iv). 
But rule (iv) also deletes an edge, thus leaving the number of lateral edges unchanged. □ 

Lemma 6.25. The number of inference rule applications used during a single application 
of step (2) of Algorithm 2 is bounded by $O(N + E)$, where N is the number of variables/nodes 
and E the number of edges in the CD-graph at the start of step (2). 

Proof. Clearly rules (i) - (iii) are linearly bounded by the number of edges and (0) by the 
number of variables. □ 

Lemma 6.26. The number of inference rule applications used to process a single equivalence 
class, $C_i$, (step (4) of Algorithm 2) is bounded by $O(N_i * L_i)$ where $L_i$ is the number of lateral 
edges and $N_i$ the number of nodes in the class $C_i$ being processed. 

Proof. Rules (v) and (vi) will equate label variables therefore by Lemma 6.8 the number 
of times they can be applied is equal to the number of label variables. Rule (viii) can be 
applied at most once for each class. Rule (vii) can be applied once for each variable in the 
class. Rule (x) is applied by starting with the sink node of the path and working back to 
the start node of the path, thus if there are $l$ edges in the equivalence class at the start of 
the application of rule (x) it will be applied at most $l$ times. In addition because at the 
start of the application of rule (x) every node, but the sink, has at most one outgoing lateral 
edge the number of applications of rule (x) is also bounded by $n - 1$, where n is the number of 
nodes in the class. 

Let us now consider rule (iv). Let $l_i$ be the number of edges of the equivalence class 
$C_i$ to be processed, including edges added from higher classes, and let $n_i$ be the number 
of nodes in $C_i$. Let us also denote a node for which rule (iv) is applicable as a (iv)-peak. 
That is a (iv)-peak is a node, X, with two edges leaving X such that the inference rule (iv) 
is satisfied. Note that a single node can form more than one (iv)-peak. Now, if we apply 
rule (iv) to each node X forming a (iv)-peak, based on the lateral edge partial ordering 
(by until X is no longer a peak we have removed X from the set of nodes forming 
(iv)-peaks. The number of times we can apply rule (iv) to each node is bounded by the 
number of edges leaving that node. It can be seen that each application of rule (iv) removes 
a (iv)-peak but could add a new (iv)-peak. But, the new (iv)-peak will be lower in the 
>-r* path from the initial (iv)-peak node to the sink. As each path must end in a sink the 
number of these new peaks is naturally bounded by the length of the path. In addition, 
because rule (iv) both removes and adds an edge it cannot increase the number of peaks. 
Therefore, we can make the following worst case assumption. Assume that rule (iv) can be 
applied $l_i$ times to each node. Then, as rule (iv) will remove one node from the set of peaks 
after $l_i$ applications the total number of applications of rule (iv) in $C_i$ is $\le n_i * l_i$. □ 

We have bounds on the number of classes, the number of new edges and nodes, and 
the number of applications of the inference rules. Finally, we need to bound the size of the 
SLPs. Recall Definition 3.1 for the size of a SLP. 

Lemma 6.27. The largest, in size, SLP constructed by Algorithm 2 on any unification 
problem S is where |S| is the initial number of equations. 

Proof. Assume that we have M topologically sorted, by >r, ^^-equivalence classes 
$C_1, C_2, \ldots, C_M$, each containing $l_1, l_2, \ldots, l_M$ lateral edges, for a total of L, and 
$n_1, n_2, \ldots, n_M$, for a total of N, variables. In addition, let $l_i'$ denote the number of lateral 
edges in class $C_i$ at the start of processing and $n_i'$ the number of variables at the start of 
processing; $l_i'$ and $n_i'$ may differ from $n_i$ and $l_i$ because nodes and edges can be added when 
processing classes above $C_i$. 

We need to consider both rule (x) and rule (iv) as these are the rules that can add 
new grammar productions and create larger SLPs. Recall two facts about these two rules, 
given two SLPs $I = (\Sigma, N_I, P_I)$ and $J = (\Sigma, N_J, P_J)$. 

(1) For rule (x), creating the new SLP K, by Lemma 6.11 $|K| = |P_I \cup P_J| + 1$ and 
$depth(K) \le \max\{depth(I), depth(J)\} + 1$. 

(2) For rule (iv), creating the new SLP K, by Lemma 6.12 $|K| \le |I| + depth(I)$ and 
$depth(K) \le depth(I)$. 

For the analysis we assume that for rule (x) $depth(K) = \max\{depth(I), depth(J)\} + 1$ and 
for rule (iv) $|K| = |I| + depth(I)$. Therefore, rule (x) adds just one new grammar production 
and rule (iv) adds $depth(I)$ new grammar productions. We want to give a bound on the 
grammar productions created at each level in the sort of classes and thus the largest SLP 
produced will be bounded by the total number of unique productions. 

Compute the Maximum Depth: First note that the depth of any SLP is only increased 
by rule (x) and only by 1. Let us first examine the depth of a SLP in a class $C_i$. Let $D_i$ 
be the depth of the largest, in depth, SLP in $C_i$ at the start of processing. Then, since the 
application of rule (x) is bounded by $n - 1$, where n is the number of nodes in the class, the 
largest, in depth, SLP produced in $C_i$ by rule (x) is 

$(n_i' - 1) + D_i$    (6.1) 

where if $C_i$ is a source node in the >r ordering, $D_i = 1$. Now assume there are k classes, 
denoted as $C_{j_1}, \ldots, C_{j_k}$, above $C_i$ in the >r ordering. Thus, from the $i - 1$ classes above $C_i$ 
in the sort, at the start of processing $C_i$, k of them are related to $C_i$ by >r. As the classes 
not related to $C_i$ by >r will not contribute any nodes or edges to $C_i$ we need only consider 
the k classes. 

Claim 1: 

$D_i \le \sum_{x=1}^{k}(n_{j_x} - 1) + 1$ 

Proof of Claim 1: 

First, there must exist at least one “source” class in the k classes. By the bound given 
in (6.1), the more source classes we have the less depth we add as for each source class, 
$C_g$, $D_g = 1$. Thus, for the worst case analysis let us assume there is only one source class, 
say $C_{j_1}$, from the k classes. Second, for the worst case analysis when processing any one 
of the k classes we want to ensure we are always adding depth to the previous largest, in 
depth, SLP. Thus, assume that the k classes form a chain, each class adding the maximum 
number of productions to the largest, in depth, SLP passed down from the class above and 
then passing that new SLP to the next class. The process starts with class $C_{j_1}$ and ends 
at $C_i$, i.e., like a total ordering. If we compute the depth of the final deepest SLP in this 
chain, using (6.1) as a bound of the depth at each level, we obtain the following bound on 
maximum depth. 

$\sum_{x=1}^{k}(n_{j_x} - 1) + 1$    (6.2) 


Compute the Maximum Size: Now let us consider rule (iv) on the same class $C_i$. 
Lemma 6.26 bounds the number of applications of rule (iv) for any class based on $l_i'$ and $n_i'$. 
From Lemma 6.22 we can make the worst case assumption, $l_i' = l_i + 2\sum_{x=1}^{k}(n_{j_x} - 1)$. This 
results in a larger than worst-case bound for the number of applications of rule (iv) on the 
equivalence class $C_i$: 

$n_i'(l_i + 2\sum_{x=1}^{k}(n_{j_x} - 1))$    (6.3) 

By Lemma 6.12 rule (iv) can add up to $depth(\pi)$ new grammar productions when applied 
to a SLP $\pi$. We can make a worst-case assumption that each time rule (iv) is applied 
the SLP it is applied to has the maximum depth. Therefore, combining the bound (6.3) 
with (6.2) we get the following bound on the number of new grammar productions rule (iv) 
can add during processing of a class $C_i$: 

$n_i'(l_i + 2\sum_{x=1}^{k}(n_{j_x} - 1))(\sum_{x=1}^{k}(n_{j_x} - 1) + 1)$    (6.4) 

We also have from (6.1) that the number of new grammar productions produced by rule (x) 
during processing of class $C_i$ is bounded by 

$n_i' - 1$    (6.5) 

Let us make an additional worst-case assumption, that each edge in each initial class contains 
a unique single production SLP. This of course cannot happen as the initial number of 
unique SLPs before processing for all classes combined is the number of label variables. 
Combining this assumption about the unique starting edges with the number of applications 
of (x) and the number of new grammar productions created by (iv) we get the following 
bound on the number of possible new grammar productions added by the processing of a 
class $C_i$: 

$n_i' - 1 + n_i'(l_i + 2\sum_{x=1}^{k}(n_{j_x} - 1))(\sum_{x=1}^{k}(n_{j_x} - 1) + 1)$    (6.6) 

Therefore, to get the total number we add up this value from each class from 1 to M. 
Lemma 6.21 implies that the total number of new variables added to the system is $\le 2M$, 
thus we can assume that $\sum_{x=1}^{k}(n_{j_x} - 1) \le (N + 2M)$ and $\sum_{x=1}^{k}(n_{j_x} - 1) + 1 \le (N + 2M)$. 

Recall that N is the total number of initial variables. With these assumptions for any class 
$C_i$, $1 \le i \le M$: 

$n_i' - 1 + n_i'(l_i + 2\sum_{x=1}^{k}(n_{j_x} - 1))(\sum_{x=1}^{k}(n_{j_x} - 1) + 1)$ 

$\le (N + 2M) + (N + 2M)(L + 2(N + 2M))(N + 2M)$ 

Therefore, adding M of these we get: 

$M[(N + 2M) + (N + 2M)(L + 2(N + 2M))(N + 2M)]$ 

Since the equations are in standard form there are at most 3 variables per equation. This 
implies that N, L and M are $\le 3|S|$, where |S| is the total number of equations. Therefore, 
we get the upper bound O(|S|^). □ 

Definition 6.28. Let P_slp denote the largest polynomial which bounds the run-time for 
any of the required SLP operations. This polynomial is in terms of the largest SLP, which 
by Theorem 6.27 is O(|S|^). 

From [13] we could assume that P_slp = O(n^), where n is the size of the largest SLP. 

Theorem 6.29. The worst-case running time of Algorithm 2 is O(|S|^ * P_slp(|S|^)), where 
|S| is the initial number of equations in standard form. 

Proof. First let V denote the initial number of label variables and let M denote the initial 
number of equivalence classes. Lemma 6.8 shows that V does not increase and Lemma 6.19 
shows that M does not increase. 

First we consider a general overview of the run time of the algorithm. 

(1) Since V does not increase and each time the algorithm returns to step (1) it equates 
two label variables, thus decreasing V, step (1) is applied at most V times. 

(2) Since the algorithm processes an equivalence class once and M does not increase the 
algorithm applies steps (2) through (5) a maximum of M times. 

Now let us assume that each step (1) through (5) has an associated polynomial, $P_i$, $i \in 
\{1,2,3,4,5\}$, which bounds the maximum run-time of that step in terms of |S|, the initial 
number of equations in standard form. Based on the general observations above we get the 
following polynomial, P, which bounds the running time of Algorithm 2: 

$P = V(P_1 + M(P_2 + P_3 + P_4))$    (6.7) 

It remains to be shown that each $P_i$ is indeed a polynomial in |S| which bounds the 
run-time of step i. Before examining each step in more detail we present a few useful facts. 
• First, rule (0) is the only rule that affects the initial set of equations and this rule only 
equates two variables. Therefore, we can bound the run-time by |S| without concern that 
|S| will increase. 
• Let $V_0$ denote the set of all variables in the initial standard form set of equations. Then, by 
the structure of the equations we can see that there are at most 3 variables per equation 
and $V_0 \le 3 * |S|$. This also implies that $V \le 3 * |S|$ and $M \le 3 * |S|$. 

• It also easily follows that L the number of lateral edges is bounded by |S|, in fact $L < |S|$. 

We now consider each step in Algorithm 2. 

(1) Step (1), by standard graph construction methods, is bounded by $O(V_0 * |S|)$, which 
results in $P_1 \le C_1 * |S|^2$, for some constant $C_1$. 

(2) By Lemma 6.25 the number of inference rules applied at step (2) is $O(N + E)$, where 
N is the number of nodes and E the number of edges in the CD graph. Let $V_0$ denote 
the initial number of variables in S, then $N \le V_0 + 2 * M$, since by Lemma 6.21 the 
maximum number of variables that can be added is twice the number of equivalence 
classes. Next, by Lemma 6.23 the maximum number of lateral edges added to any 
equivalence class is $O(V_0 + M)$. We can thus conservatively say that the maximal 
number of lateral edges is $O(M(V_0 + M))$. Since the number of downward edges does 
not change we get the bound of $O((V_0 + 2 * M) + M(V_0 + M))$. Rewriting in terms of 
|S|, P_2 ≤ C_2 * (|S|^2 + |S|^ + |S|^2) * P_slp(|S|^), for some constant C_2. 

(3) Using standard graph cycle checking we get that $P_3 \le C_3 * |S|$, for some constant $C_3$. 

(4) By Lemma 6.26 the number of rules applied for class i is $O(N_i * L_i)$ where $L_i$ is the 
number of lateral edges and $N_i$ the number of nodes in the class i being processed. Thus 
for each class we get a run-time bound of O((N_i * L_i) * P_slp(|S|^)). Rewriting in terms 
of |S| we get P_4 ≤ C_4 * |S|^ P_slp(|S|^), for some constant C_4. 

Now plugging all these into Equation (6.7), letting $C = Max(C_1, C_2, C_3, C_4)$ and replacing 
V and M in terms of S we get 

P ≤ C * (|S|^3 + |S|^ * P_slp(|S|^) + |S|^3 + |S|^ * P_slp(|S|^))    (6.8) 

or 

O(|S|^ * P_slp(|S|^))    (6.9) 

□ 


7. On Asymmetric Unification and One-Sided Distributivity 

Our work on a polynomial bounded procedure was partially motivated by its potential 
application to cryptographic protocol analysis. Since our initial results [15], a new 
unification paradigm has been developed in [5] and is based on newly identified requirements 
arising from the symbolic analysis of cryptographic protocols. The analysis involves the 
unification-based exploration of a space in which the states obey equational theories that 
can be expressed as a decomposition $R \uplus E$, where R is a set of rewrite rules that is confluent, 
terminating and coherent modulo E. In order to apply state space reduction techniques, 
it is usually necessary for at least part of this state to be in normal form, and to remain 
in normal form even after unification is performed. This requirement can be expressed 
as an asymmetric unification problem $\{s_1 =_{\downarrow} t_1, \ldots, s_n =_{\downarrow} t_n\}$ where the $=_{\downarrow}$ denotes a 
unification problem with the restriction that any unifier leaves the right-hand side of each 
equation irreducible. 

Let us review a few definitions needed for asymmetric unification problems. A rewrite 
rule is an ordered pair $l \to r$ such that $l, r \in T(\Sigma, X)$ and $l \notin X$. The rewrite relation on 
$T(\Sigma, X)$, written $t \to_R s$, holds between t and s iff there exists a non-variable $p \in Poss(t)$, 
$l \to r \in R$ and a substitution $\delta$, such that $t|_p = l\delta$ and $s = t[r\delta]_p$. The relation $\to_{R/E}$ on 
$T(\Sigma, X)$ is $=_E \circ \to_R \circ =_E$. The relation $\to_{R,E}$ on $T(\Sigma, X)$ is defined as: $t \to_{R,E} t'$ if there 
exists a position $p \in Poss(t)$, a rule $l \to r \in R$ and a substitution $\delta$ such that $t|_p =_E l\delta$ 
and $t' = t[r\delta]_p$. The transitive (resp. transitive and reflexive) closure of $\to_{R,E}$ is denoted by 
$\to^{+}_{R,E}$ (resp. $\to^{*}_{R,E}$). A term t is $\to_{R,E}$ irreducible if there is no term t' such that $t \to_{R,E} t'$. 
t is then said to be an R,E-normal form (or just normal form). If $\to_{R,E}$ is confluent and 
terminating we denote the irreducible version of a term t by $t\downarrow_{R,E}$. 

Definition 7.1. We call $(\Sigma, E, R)$ a decomposition of an equational theory $\Delta$ over a 
signature $\Sigma$ if $\Delta = R \uplus E$ and R and E satisfy the following conditions: 

(1) E is variable preserving, i.e., for each $s = t$ in E we have $Var(s) = Var(t)$. 

(2) E has a finitary and complete unification algorithm. 

(3) For each $l \to r \in R$ we have $Var(r) \subseteq Var(l)$. 

(4) R is confluent and terminating modulo E, i.e., the relation $\to_{R/E}$ is confluent and 
terminating. 

(5) R is coherent modulo E, i.e., $\forall t_1, t_2, t_3$ if $t_1 \to_{R,E} t_2$ and $t_1 =_E t_3$ then $\exists t_4, t_5$ such that 
$t_2 \to^{*}_{R,E} t_4$, $t_3 \to^{+}_{R,E} t_5$, and $t_4 =_E t_5$. 

Definition 7.2. (Asymmetric Unification). Given a decomposition $(\Sigma, E, R)$ of an 
equational theory, a substitution $\delta$ is an asymmetric R,E-unifier of a set S of asymmetric 
equations $\{s_1 =_{\downarrow} t_1, \ldots, s_n =_{\downarrow} t_n\}$ iff for each asymmetric equation $s_i =_{\downarrow} t_i$, $\delta$ is an 
$(E \cup R)$-unifier of the equation $s_i =^? t_i$ and $(t_i\downarrow_{R,E})\delta$ is in R,E-normal form. A set of 
substitutions $\Omega$ is a complete set of asymmetric R,E-unifiers of S (denoted CSAU(S)) iff: 
(i) every member of $\Omega$ is an asymmetric R,E-unifier of S, and (ii) for every asymmetric 
R,E-unifier $\theta$ of S there exists a $\delta \in \Omega$ such that $\delta$ 

Example 7.3. Let $R = \{X \oplus 0 \to X,\ X \oplus X \to 0,\ X \oplus X \oplus Y \to Y\}$ and E be the 
associativity and commutativity (AC) axioms for $\oplus$. Consider the equation $Y \oplus X =_{\downarrow} X \oplus a$. 
The substitution $\delta_1 = \{Y \mapsto a\}$ is an asymmetric solution since the right hand side will 
remain irreducible after applying $\delta_1$. But, $\delta_2 = \{Y \mapsto a, X \mapsto 0\}$ is not an asymmetric 
unifier, although it is a unifier, since $0 \oplus a \to_{R,E} a$. 

We consider the one-sided distributivity theory in this new asymmetric setting. First, 
we need to present the axioms as a theory decomposition. In this case the theory 
decomposition is simple. Let $\Delta = R \uplus E$, where $R = \{X \times (Y + Z) \to X \times Y + X \times Z\}$ and 
$E = \emptyset$. 

One way of approaching the asymmetric unification problem is to start with the 
symmetric unifiers and then try modifying them, if need be, into asymmetric unifiers. Thus we 
could have first obtained the symmetric unifier using the original Tiden-Arnborg algorithm. 
This method looks feasible as far as decidability is concerned, but instead we develop an 
algorithm where failures can be detected much earlier. 

In what follows we are going to assume that variables are always mapped to $R,\emptyset$-normal 
forms. We can do this by assuming, without loss of generality, that all substitutions are 
$R,\emptyset$-normalized. 

Based on $\Delta$, the following inference rules represent an asymmetric algorithm and are a 
simple modification of the original Tiden-Arnborg algorithm to the new asymmetric domain. 
The soundness of the rules follows directly from the rules presented in Section 3. In addition, 
since the asymmetric restriction does not affect the system being subterm collapse free, 
the error conditions of the original algorithm, and the graphs used to detect them, remain 
unchanged. The only additional error conditions, rules (e) and (f), follow due to the rewrite 
rule, $R = \{X \times (Y + Z) \to X \times Y + X \times Z\}$, which requires that we apply a reduction to the 
$\times$-rooted term. Likewise, rules (e’) and (f’) would imply failure because a reduction could 
be applied to a term with an irreducible restriction. We denote the algorithm, consisting 
of the following inference rules along with the error checking, as Algorithm 3. 


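(a)  $\dfrac{\mathcal{EQ} \uplus \{U =_{\downarrow} V\}}{\{U =_{\downarrow} V\} \cup \{U \mapsto V\}(\mathcal{EQ})}$  if $U$ occurs in $\mathcal{EQ}$ 

(b)  $\dfrac{\mathcal{EQ} \uplus \{U =_{\downarrow} V \circ W,\ U =_{\downarrow} X \circ Y\}}{\mathcal{EQ} \cup \{U =_{\downarrow} V \circ W,\ X =_{\downarrow} V,\ Y =_{\downarrow} W\}}$  where $\circ$ is either $+$ or $\times$ 

(c)  $\dfrac{\mathcal{EQ} \uplus \{U =_{\downarrow} V \circ W,\ X \circ Y =_{\downarrow} U\}}{\mathcal{EQ} \cup \{U =_{\downarrow} V \circ W,\ X =_{\downarrow} V,\ Y =_{\downarrow} W\}}$ 

(d)  $\dfrac{\mathcal{EQ} \uplus \{V \circ W =_{\downarrow} U,\ X \circ Y =_{\downarrow} U\}}{\mathcal{EQ} \cup \{V \circ W =_{\downarrow} U,\ X =_{\downarrow} V,\ Y =_{\downarrow} W\}}$ 

(e)  $\dfrac{\mathcal{EQ} \uplus \{U =_{\downarrow} V \times W,\ U =_{\downarrow} X + Y\}}{FAIL}$ 

(e’)  $\dfrac{\mathcal{EQ} \uplus \{U =_{\downarrow} V \times W,\ W =_{\downarrow} X + Y\}}{FAIL}$ 

(f)  $\dfrac{\mathcal{EQ} \uplus \{U =_{\downarrow} V \times W,\ X + Y =_{\downarrow} U\}}{FAIL}$ 

(f’)  $\dfrac{\mathcal{EQ} \uplus \{U =_{\downarrow} V \times W,\ X + Y =_{\downarrow} W\}}{FAIL}$ 

(g)  $\dfrac{\mathcal{EQ} \uplus \{V \times W =_{\downarrow} U,\ U =_{\downarrow} X + Y\}}{\mathcal{EQ} \cup \{V \times W =_{\downarrow} U,\ W_1 + W_2 =_{\downarrow} W,\ V \times W_1 =_{\downarrow} X,\ V \times W_2 =_{\downarrow} Y\}}$ 

(h)  $\dfrac{\mathcal{EQ} \uplus \{V \times W =_{\downarrow} U,\ X + Y =_{\downarrow} U\}}{\mathcal{EQ} \cup \{V \times W =_{\downarrow} U,\ W_1 + W_2 =_{\downarrow} W,\ V \times W_1 =_{\downarrow} X,\ V \times W_2 =_{\downarrow} Y\}}$ 

Figure 10: Asymmetric Inference Rules for Algorithm 3. 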


In addition to error checking remaining the same, the soundness of the above procedure 
can be shown by showing each rule is sound and this follows since each rule is just an 
asymmetric instantiation of the sound symmetric rules presented in Section 3. In addition, 
we can assume termination since the original algorithm is terminating. 

In the following let $\circ$ denote either $+$ or $\times$. 

Lemma 7.4. The set of equations 

$\{U =_{\downarrow} V \circ W,\ U =_{\downarrow} X \circ Y\}$ 

and the set of equations 

$\{U =_{\downarrow} V \circ W,\ X \circ Y =_{\downarrow} U\}$ 

have the same asymmetric solutions as the set 

$\{U =_{\downarrow} V \circ W,\ X =_{\downarrow} V,\ Y =_{\downarrow} W\}$. 

Proof. The fact that the equations have the same unifiers is a result of Theorem 4.1. Next 
note that the asymmetric restrictions are maintained since the instances of $V \circ W$, V and 
W must be irreducible. □ 

Lemma 7.5. The set of equations 

$\{V \circ W =_{\downarrow} U,\ X \circ Y =_{\downarrow} U\}$ 

has the same asymmetric solutions as the set 

$\{V \circ W =_{\downarrow} U,\ X =_{\downarrow} V,\ Y =_{\downarrow} W\}$. 

Proof. The fact that the equations have the same unifiers is a result of Theorem 4.1. We can, 
without loss of generality, assume that all substitutions are $R,\emptyset$ normalized. This implies 
that variables are always mapped to $R,\emptyset$-normal forms and we can apply an irreducibility 
restriction to them without restricting the solution space. This implies the correctness of 
the last two equations $X =_{\downarrow} V$, $Y =_{\downarrow} W$. □ 

Lemma 7.6. The following sets of equations have no asymmetric $R,\emptyset$ solutions: 

$\{U =_{\downarrow} V \times W,\ U =_{\downarrow} X + Y\}$, 

$\{U =_{\downarrow} V \times W,\ X + Y =_{\downarrow} U\}$. 

Proof. This is due to the orientation of R which requires a reduction in the $\times$-rooted 
equation in order to move a $+$ to the top. □ 

Lemma 7.7. The set of equations 

$\{V \times W =_{\downarrow} U,\ U =_{\downarrow} X + Y\}$ 

and the set of equations 

$\{V \times W =_{\downarrow} U,\ X + Y =_{\downarrow} U\}$ 

have the same asymmetric solutions as the set 

$\{V \times W =_{\downarrow} U,\ W_1 + W_2 =_{\downarrow} W,\ V \times W_1 =_{\downarrow} X,\ V \times W_2 =_{\downarrow} Y\}$, where $W_1$ and $W_2$ are fresh 
variables. 

Proof. The fact that the equations have the same unifiers is a result of Theorem 4.1. In 
addition, since we can assume that variables are mapped to $R,\emptyset$-normal forms and all 
substitutions are normalized we are free to place an irreducibility restriction on a variable 
without reducing the set of solutions. □ 
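A check of Definition 7.2 against the equation sets of Lemmas 7.6 and 7.7, as an added Python example that is not code from the paper. With E empty, two terms are equal modulo the theory exactly when their R-normal forms coincide; the term encoding, the function names and the sample substitution SIGMA are assumptions of this example.

```python
# A term is a string (variable or constant) or a tuple (op, left, right) with
# op "+" or "*"; "*" stands for the one-sided distributive operator x.

def substitute(term, sub):
    """Apply a substitution given as a dict from variable names to terms."""
    if isinstance(term, str):
        return sub.get(term, term)
    op, left, right = term
    return (op, substitute(left, sub), substitute(right, sub))


def normalize(term):
    """Normal form under R = {X*(Y+Z) -> X*Y + X*Z}; E is empty."""
    if isinstance(term, str):
        return term
    op, left, right = term
    left, right = normalize(left), normalize(right)
    if op == "*" and isinstance(right, tuple) and right[0] == "+":
        # Distribute over the sum, then keep normalizing both new products.
        return ("+", normalize(("*", left, right[1])),
                normalize(("*", left, right[2])))
    return (op, left, right)


def irreducible(term):
    return normalize(term) == term


def is_unifier(sub, equations):
    """Symmetric check: both sides of every equation share one R-normal form."""
    return all(normalize(substitute(s, sub)) == normalize(substitute(t, sub))
               for s, t in equations)


def is_asymmetric_unifier(sub, equations):
    """Definition 7.2 with E empty: a unifier that also leaves the instance of
    every normalized right-hand side irreducible."""
    return is_unifier(sub, equations) and all(
        irreducible(substitute(normalize(t), sub)) for _, t in equations)


# Constructed sample. A pair (s, t) reads "s =↓ t"; lowercase names are constants.
SUM, PROD = ("+", "X", "Y"), ("*", "V", "W")
REJECTED = [("U", PROD), ("U", SUM)]      # first equation set of Lemma 7.6
ACCEPTED = [(PROD, "U"), ("U", SUM)]      # first equation set of Lemma 7.7
SPLIT = [(PROD, "U"), (("+", "W1", "W2"), "W"),
         (("*", "V", "W1"), "X"), (("*", "V", "W2"), "Y")]   # set replacing it
SIGMA = {"V": "v", "W": ("+", "a", "b"), "W1": "a", "W2": "b",
         "X": ("*", "v", "a"), "Y": ("*", "v", "b"),
         "U": ("+", ("*", "v", "a"), ("*", "v", "b"))}
```

SIGMA is a symmetric unifier of REJECTED but fails the asymmetric test because the instance of V x W on the right-hand side is reducible; the same substitution passes for the reoriented set ACCEPTED and for SPLIT.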

Recall that in addition to the two failure rules we maintain the two graphs used to 
detect failure in the original symmetric algorithm. 

Lemma 7.8. The error conditions of Algorithm 3 are correct. 

Proof. This follows from Lemma 7.6 and the fact that adding the asymmetric restriction 
does not change the fact that the theory is still simple, i.e., cycles imply failure. Thus, the 
use of the graph based method to detect cycles is still valid. In addition, it has been shown 
in [22] that systems that cause non-termination are not unifiable and are detectable via the 
sum propagation graph method. Since adding irreducibility constraints does not increase 
the types of systems which cause non-termination and the systems are still detectable via 
the graph method, the use of a propagation graph to detect all non-terminating systems is 
still correct. □ 
Theorem 7.9. Asymmetric $R, \emptyset$ unification is decidable.

Proof. Lemma 7.8 shows that if a system is not asymmetrically unifiable it will be detected
by one or more of the failure rules or graphs. In addition, Lemma 7.8 shows that
non-terminating systems will also be detected, implying Algorithm 3 terminates.

Lemma 7.4, Lemma 7.5 and Lemma 7.7 show that Algorithm 3 transforms a system
into a solved-form maintaining the set of solutions. This implies that the substitution
constructed from the final solved form is an asymmetric solution to the initial problem. □

Theorem 7.10. Algorithm 3 produces a complete set of asymmetric unifiers. 

Proof. Consider an asymmetric problem, $S$, and its solved form, $S'$, produced by
Algorithm 3. Let $\delta_{S'}$ denote the substitution obtained from $S'$ in the standard way. Recall that
a substitution obtained from a dag solved form is idempotent, i.e., $\delta_{S'} = \delta_{S'}\delta_{S'}$. Let $\theta$ be
an asymmetric solution to $S$ and let $X \in Var(S)$.

(1) If $X \notin Var(S')$, $X\delta_{S'} = X$ and $X\delta_{S'}\theta = X\theta$.

(2) If $X \in Var(S')$, then there are two cases.

(a) $X\delta_{S'} \mapsto X$, in which case $X\delta_{S'}\theta = X\theta$.

(b) $X\delta_{S'} \mapsto t_i$, for some term $t_i$. This implies there is an equation in $S'$ of the form
$X =_\downarrow t_i$. Recall Lemma 7.4, Lemma 7.5 and Lemma 7.7 show that Algorithm
3 transforms a system into a solved-form maintaining the set of solutions. Thus,
$X\theta =_A t_i\theta$. This implies that $X\delta_{S'}\theta =_A t_i\theta =_A X\theta$. □

Therefore, we can obtain an asymmetric unification algorithm by modifying the original 
symmetric algorithm. This new algorithm has the following beneficial characteristics: 

• Much as the original algorithm of [22], this new algorithm is conceptually easy to grasp, 
and easy to implement. 

• Again, like the Tiden and Arnborg algorithm, the new asymmetric algorithm should 
perform well computationally on most problem instances, since it is unlikely a problem 
will have the structure needed to force the exponential behavior. 

Complexity. 

Definition 7.11. For n > 0, let $\sigma'(n)$ be the set of equations


X^i+l Xp2 

=4 

Ap, 


=4 


T X Xii2 

=4 

^2ni 

TxY 

=4 


Xp+2 X^i+l2 

=4 

Xp+i 


for all 0 < i < n, where $X_{l^i}$ denotes $i$ concatenations of $l \in \{1, 2\}$, i.e., $X_{1^3 2} = X_{1112}$.

A simple modification to the $\sigma(n)$ definition (see Definition 7.11) again results in a
family of equations, this time asymmetric, which cause exponentially many applications of
the inference rules. The new definition, $\sigma'(n)$, simply places the irreducibility restriction on
the variables which are already irreducible with respect to the rewrite rule. Since we can
assume, without loss of generality, that substitutions are fully reduced via $R, \emptyset$-rewriting,
the irreducibility restrictions will not be violated. Therefore, the action of the new algorithm
does not change, in terms of complexity, from the action of the original algorithm on $\sigma(n)$.

An Open Problem: Polynomial-Time Decision Algorithms for Asymmetric Unification
modulo One-Sided Distributivity. The polynomial algorithm developed in Section 6 relies on the
use of SLPs to ensure the polynomial bound. The SLP compression method can be used
because the critical information, path labels, are maintained by the compression method.
In addition, there are polynomial bounded algorithms for answering the required questions
regarding SLP compressed strings. However, when asymmetric unification is considered
we are forced to also keep track of the irreducibility restriction. This information would
unfortunately be lost in the current compression method. The current compression scheme
used in Algorithm 2 would need to be modified, to maintain the irreducibility constraints,
before the algorithm could be applied to the asymmetric case.

Therefore, a polynomial time asymmetric algorithm based on compression is still an 
open problem. There are a couple of possible approaches: 

(1) Develop a method of encoding the irreducibility restriction into the same SLPs. This
seems like it may be possible, but it also requires ensuring the SLP algorithms used in
Section 6.5.2 can be applied, in polynomial time, to these new encodings.

(2) Use a different compression method. This may also be possible, for example perhaps
using the methods developed in [9]. Again, we would need to ensure all the operations
used in Section 6.5.2 could be done on the new compression method in polynomial time.

8. Conclusions 

Three problems are solved in this paper: 

(1) We have developed a new polynomial time algorithm which solves the decision problem 
for a non-trivial subcase, based on a typed theory, of unification modulo one-sided 
distributivity. This subcase happens to be sufficient to express the negative complexity 
result in m- The new algorithm is conceptually easy to understand and more efficient 
than the new algorithm solving the general problem. 

(2) We developed the first polynomial time algorithm which solves the decision problem 
for unification modulo one-sided distributivity. 

(3) We developed the first algorithm that solves the asymmetric unification problem for 
unification modulo one-sided distributivity. That is, the algorithm produces the most 
general asymmetric unifier. Although this new algorithm is not polynomial, it is
conceptually easy to grasp and easily implemented. In addition, it should perform well
computationally on most problem instances. 

Although the focus of this paper is on decision procedures and complexity we can note 
that all the algorithms presented in the paper compute unifiers. In the asymmetric case a 
complete set of unifiers can be obtained from the computed solved forms. In the compressed 
case, a resulting solved form is actually a compressed representation of a unifier. 

Appendix A: Computing a Suffix

For completeness we present a very simple recursive algorithm for computing the
compressed suffix in polynomial time. One could also use the methods developed in [U |T2l [T3l El]
to efficiently compute the suffix and prefix. The algorithm only requires the size of the
string produced by the prefix and the actual SLP containing the prefix and suffix. We
assume also that the size of the string produced for each SLP is contained in the data
structure. Let $\pi_1$ denote the large SLP containing the suffix and let $\pi_2$ denote the prefix.
Let $diff = \|\pi_1\| - \|\pi_2\|$, i.e., $diff$ is the size of the string produced by the suffix. The
algorithm returns the suffix SLP, denoted as $\pi_s$.


Algorithm 3 BuildSuffix
(Input: $\pi_1$, diff)

  Create a SLP pointer: temp = $\pi_1$
  while ||RightChild(temp)|| > diff do
    temp = RightChild(temp)
  end while
  if ||temp|| == diff then
    return temp
  else
    Create new non-terminal $\pi_s$
    RightChild($\pi_s$) = RightChild(temp)
    LeftChild($\pi_s$) = BuildSuffix(LeftChild(temp), diff − ||RightChild($\pi_s$)||)
    return $\pi_s$
  end if


Theorem 9.1. Algorithm BuildSuffix runs in $O(depth(\pi_1))$, $|\pi_s| < |\pi_1| + depth(\pi_1)$ and $depth(\pi_s) <
depth(\pi_1)$.

Proof. Consider the recursive call in Algorithm BuildSuffix. The algorithm only uses a single linear
recursive call and the recursion is always called on a non-terminal one level lower in $\pi_1$.
Therefore, the algorithm is bounded by $depth(\pi_1)$. In addition, a new rule/non-terminal,
is created for each recursive call for a maximum of $depth(\pi_1)$ new rules, thus $|\pi_s| < |\pi_1| +
depth(\pi_1)$. □
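
A runnable Python version of BuildSuffix, added here as an illustration and not taken from the paper. The Node class, the helper names and the sample SLP are assumptions of the example; its loop guard also tests the size of temp and uses ≥, so that terminals and the case where the right child is exactly the suffix are handled.

```python
from functools import lru_cache

class Node:
    """SLP node: a terminal holds one symbol, a non-terminal has two children.
    The length of the produced string is cached in .size, as Appendix A assumes."""
    def __init__(self, left=None, right=None, sym=None):
        self.left, self.right, self.sym = left, right, sym
        self.size = 1 if sym is not None else left.size + right.size

def expand(node):
    """Decompress the SLP (only sensible for small test inputs)."""
    if node.sym is not None:
        return node.sym
    return expand(node.left) + expand(node.right)

@lru_cache(maxsize=None)
def depth(node):
    if node.sym is not None:
        return 0
    return 1 + max(depth(node.left), depth(node.right))

def rules(node, seen=None):
    """Identities of the distinct non-terminals reachable from node."""
    seen = set() if seen is None else seen
    if node.sym is None and id(node) not in seen:
        seen.add(id(node))
        rules(node.left, seen)
        rules(node.right, seen)
    return seen

def build_suffix(node, diff):
    """Return an SLP producing the last `diff` symbols of node's string."""
    if not 1 <= diff <= node.size:
        raise ValueError("diff must lie between 1 and the string length")
    temp = node
    # Follow right children while the whole suffix still fits inside them.
    while temp.size > diff and temp.right.size >= diff:
        temp = temp.right
    if temp.size == diff:
        return temp
    # Suffix = a shorter suffix of the left child followed by the right child.
    return Node(left=build_suffix(temp.left, diff - temp.right.size),
                right=temp.right)

# Constructed sample: X1 -> ab, X(k+1) -> Xk Xk, so PI_1 produces (ab)^8.
_a, _b = Node(sym="a"), Node(sym="b")
PI_1 = Node(_a, _b)
for _ in range(3):
    PI_1 = Node(PI_1, PI_1)
```

Each recursive call creates exactly one new non-terminal and reuses every other node of the input SLP, which is where the depth bound on the number of added rules comes from.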